Re: Stale expression reference causing use-after-free

On Tue, 2010-09-21 at 19:03 +0100, Arnaud Lacombe wrote:
> On Tue, Sep 21, 2010 at 1:03 PM, Catalin Marinas
> <catalin.marinas@xxxxxxx> wrote:
> > On Tue, 2010-09-21 at 12:57 -0400, Arnaud Lacombe wrote:
> >> this is a huge shot in the dark, but does not seem to cause any regression:
> >>
> >> diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
> >> index 23acbdb..9eee093 100644
> >> --- a/scripts/kconfig/menu.c
> >> +++ b/scripts/kconfig/menu.c
> >> @@ -107,7 +107,6 @@ static struct expr *menu_check_dep(struct expr *e)
> >>  void menu_add_dep(struct expr *dep)
> >>  {
> >>         current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep));
> >> -       current_entry->dir_dep = current_entry->dep;
> >>  }
> >>
> >>  void menu_set_type(int type)
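
Review bot: with the assignment dropped from menu_add_dep(), nothing in this function sets current_entry->dir_dep any more, so the field keeps whatever value the entry was initialised with until menu_finalize() fills it in. Please confirm that no code reads dir_dep between parsing and menu_finalize(), and that every entry which needs dir_dep reaches the branch where it is now assigned. Removing the alias itself makes sense: dir_dep pointed at the same expression as dep, and dep is handed to expr_alloc_and() and replaced on the next menu_add_dep() call.
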
> >> @@ -268,6 +267,7 @@ void menu_finalize(struct menu *parent)
> >>                         basedep = expr_alloc_and(expr_copy(parentdep), basedep);
> >>                         basedep = expr_eliminate_dups(basedep);
> >>                         menu->dep = basedep;
> >> +                       menu->dir_dep = expr_copy(basedep);
> >>                         if (menu->sym)
> >>                                 prop = menu->sym->prop;
> >>                         else
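
Review bot: the added line "menu->dir_dep = expr_copy(basedep);" takes its copy after parentdep has been ANDed in and after expr_eliminate_dups(), so dir_dep now carries the parent's dependencies as well as the entry's own, where the old code stored a plain alias of the entry's dep. The commit message should state that change, since anything that consumes dir_dep will see a different expression. A short comment saying that dir_dep owns this copy, and so has to be freed separately from menu->dep, would also help.
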
> >
> > I'm not sure this would have the same effect as what I intended. The
> > dir_dep should only store the "depends on" clauses but the basedep at
> > this point may include some "select" clauses as well.
> 
> I'm not sure of that. "select" statements are appended to the
> (selected?) symbol property list and simplified after `basedep' has
> been computed, before being assigned to the symbol reverse dependency.
> So, as far as I understand, `basedep' dependency's list is free from
> any reverse dependency. Maybe a kconfig guru can confirm. That would
> simplify a lot.

You may be right. I did some tests and it looks like it indeed does the
trick (warning on selecting symbols with unmet dependencies). You can
submit it with my ack:

Acked-by: Catalin Marinas <catalin.marinas@xxxxxxx>

In your patch, could you also remove the additional expr_copy() when
transforming dir_dep (my first patch which wasn't solving the problem
but an extra copy is superfluous).

Thanks.

-- 
Catalin
