Hi,

On Wed, Jul 31, 2013 at 2:02 AM, Lars-Peter Clausen <lars@xxxxxxxxxx> wrote:
> On 07/31/2013 10:52 AM, Dan Carpenter wrote:
>>
>> There is a typo here so we end up using the old freed pointer instead of
>> the newly allocated one. (If the "n" is zero then the code works,
>> obviously).
>>
>> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
>
> Thanks.
>
> Acked-by: Lars-Peter Clausen <lars@xxxxxxxxxx>
>
> Olof, can you check whether this fixes the crash you see?

Nope. There's also remaining issues with the code, that patch isn't enough.

The structure that is krealloced() has a list_head in it, but the list
isn't moved from the old head to the new one. There's no safe way to
do that using krealloc, since the old list_head is gone by then, so
it's probably easiest to open-code with kzalloc/memcpy/kfree.

But even with that fixed, I still see the same issue. Boggle.

(Btw, I'm testing on top of commit 5106b92f80a2cd37c52cffed80b4f5acfb77ccfd).

-Olof
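The allocate/copy/fix-up/free sequence suggested in the message above, as an added userspace sketch that is not code from this thread or from the kernel. `struct table`, `table_grow` and `list_move_head` are hypothetical names, and `calloc`/`memcpy`/`free` stand in for `kzalloc`/`memcpy`/`kfree`.

```c
#include <stdlib.h>
#include <string.h>
/* Userspace stand-in for the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Hypothetical container: embedded list head plus a growable array. */
struct table { struct list_head entries; size_t n; int vals[]; };

/* Re-point the neighbours at the new head; old must still be valid memory. */
static void list_move_head(struct list_head *old, struct list_head *fresh)
{
    if (old->next == old) {   /* empty: the copied self-links point at old */
        list_init(fresh);
        return;
    }
    fresh->next = old->next; fresh->prev = old->prev;
    fresh->next->prev = fresh; fresh->prev->next = fresh;
}

/* Grow via allocate/copy/fix-up/free so old is live during the fix-up. */
static struct table *table_grow(struct table *old, size_t n)
{
    size_t keep = old->n < n ? old->n : n;
    struct table *fresh = calloc(1, sizeof(*fresh) + n * sizeof(int));
    if (!fresh)
        return NULL;          /* old stays intact on failure */
    memcpy(fresh, old, sizeof(*old) + keep * sizeof(int));
    fresh->n = n;
    list_move_head(&old->entries, &fresh->entries);
    free(old);
    return fresh;
}

/* Returns 1 when every node's neighbours point back at it. */
static int list_is_consistent(const struct list_head *h)
{
    const struct list_head *p = h;
    do {
        if (p->next->prev != p || p->prev->next != p) return 0;
    } while ((p = p->next) != h);
    return 1;
}
```

With a realloc-style call the old block may already be released when the new pointer comes back, so the neighbour fix-up in `list_move_head` would have to read freed memory; doing the copy by hand keeps the old head readable until the links are rewritten.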