Hi David,
David Howells <dhowells@xxxxxxxxxx> says:
Pavel Skripkin <paskripkin@xxxxxxxxx> wrote:
Syzbot was able to trigger use of uninitialized memory in
af_alg_free_resources.
Bug is caused by missing initialization of rsgl->sgl.need_unpin before
adding to rsgl_list. Then in case of extract_iter_to_sg() failure, rsgl
is left with uninitialized need_unpin which is read during clean up
Looks feasible :-).
+ rsgl->sgl.need_unpin = 0;
+
The blank line isn't really necessary and it's a bool, so can you use 'false'
rather than '0'?
Alternatively, it might be better to move:
rsgl->sgl.need_unpin =
iov_iter_extract_will_pin(&msg->msg_iter);
up instead.
Thank you for review! I've just posted v2 :)
With regards,
Pavel Skripkin
