On 08/02/2012 01:11 AM, Christoph Lameter wrote:
> > if (s) { > - int r = __kmem_cache_create(s, n, size, align, flags, ctor); > + int r; > > - if (!r) > + s->object_size = s->size = size; > + s->align = align; > + s->ctor = ctor; > + s->name = kstrdup(name, GFP_KERNEL); > + if (!s->name) { > + kmem_cache_free(kmem_cache, s); > + s = NULL; > + goto oops; > + } > + > + r = __kmem_cache_create(s, flags); > + > + if (!r) { > + s->refcount = 1; > list_add(&s->list, &slab_caches); > - else { > - kfree(n); > + } else { > + kfree(s->name); > kmem_cache_free(kmem_cache, s); > s = NULL; > } > } else > - kfree(n); > + kfree(s->name);

This last statement is a NULL pointer dereference.
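Review bot: the final `else` branch, taken only when `s` is NULL, now calls `kfree(s->name)`, which reads through the NULL `s`. The old `kfree(n)` was needed there because the name copy existed before `s` was allocated; in this version the `kstrdup()` happens inside the `if (s)` block, so when `s` is NULL no name has been duplicated and there is nothing to free. The `else` branch should be dropped rather than converted. A smaller point in the same hunk: the `!s->name` path and the `__kmem_cache_create()` failure path both end in `kmem_cache_free(kmem_cache, s); s = NULL;`, so they could share one cleanup sequence instead of repeating it.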