On Sat, 3 May 2008, WANG Cong wrote: > Fix a wrong free in fs/binfmt_elf.c::elf_core_dump(). > > Signed-off-by: WANG Cong <wangcong@xxxxxxxxx> > Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> > Cc: Eric Youngdale <ericy@xxxxxxxx> > > --- > fs/binfmt_elf.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c > index b25707f..43254e3 100644 > --- a/fs/binfmt_elf.c > +++ b/fs/binfmt_elf.c > @@ -2032,10 +2032,10 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un > > end_coredump: > set_fs(fs); > + free_note_info(&info); > > cleanup: > kfree(elf); > - free_note_info(&info); > return has_dumped; > } Looks like fill_note_info() requires that you call free_note_info() if it fails; otherwise we'll leak memory. So perhaps something like the following totally untested patch? Pekka diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index b25707f..febd208 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1917,7 +1917,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un */ if (!fill_note_info(elf, segs + 1, /* including notes section */ &info, signr, regs)) - goto cleanup; + goto cleanup_note; has_dumped = 1; current->flags |= PF_DUMPCORE; @@ -2033,9 +2033,11 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un end_coredump: set_fs(fs); +cleanup_note: + free_note_info(&info); + cleanup: kfree(elf); - free_note_info(&info); return has_dumped; }
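Review bot: in the @@ -2032 hunk of the quoted patch, moving free_note_info(&info) above the cleanup: label means every "goto cleanup" now skips it, including the one taken when fill_note_info() returns 0 (the "if (!fill_note_info(...)) goto cleanup;" site visible in the follow-up diff). If that failure path can leave allocations in info, they are no longer released. The changelog also says only "Fix a wrong free" without naming which jump reaches cleanup: before info is set up; stating that path would show which jumps must skip the free and which must not.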
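Review bot: in the @@ -1917 hunk of the follow-up patch, "goto cleanup_note" hands free_note_info(&info) whatever state a failed fill_note_info() left behind, and nothing in the diff shows that info is consistent at each of its failure points (for example, cleared before the first allocation). That should be confirmed in fill_note_info() and stated in the changelog, which this patch does not have yet, along with a Signed-off-by.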
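Review bot: in the @@ -2033 hunk of the follow-up patch, correctness now rests on label order: end_coredump falls through cleanup_note into cleanup, and every remaining "goto cleanup" is assumed to run before info is handed to fill_note_info(). A one-line comment above "cleanup:" saying it is only for paths taken before fill_note_info() would keep a later "goto cleanup" from reintroducing either the leak or the free of an uninitialised info.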