Kees Bakker <kees@xxxxxxxxxxxx> writes:
> Op 06-09-2024 om 05:07 schreef Huang Ying:
>> [...]
>> +static void resource_test_insert_resource(struct kunit *test, struct resource *parent,
>> + resource_size_t start, resource_size_t size,
>> + const char *name, unsigned long flags)
>> +{
>> + struct resource *res;
>> +
>> + res = kzalloc(sizeof(*res), GFP_KERNEL);
>> + KUNIT_ASSERT_NOT_NULL(test, res);
>> +
>> + res->name = name;
>> + res->start = start;
>> + res->end = start + size - 1;
>> + res->flags = flags;
>> + if (insert_resource(parent, res)) {
>> + kfree(res);
>> + KUNIT_FAIL_AND_ABORT(test, "Fail to insert resource %pR\n", res);
> Isn't this a user-after-free?
Good catch! Thanks for pointing this out. I should be more careful for
the error path.
>> + }
>> +
>> + kunit_add_action_or_reset(test, remove_free_resource, res);
This may cause use-after-free if failed to allocate memory for
add_action. Will fix this too.
>> +}
>>
--
Best Regards,
Huang, Ying
