Re: [PATCH] scsi: aacraid: Fix memory leak in open_getadapter_fib function

On 9/3/24 1:30 PM, Riyan Dhiman wrote:
>> Just above the copy_to_user() call there is the following statement:
>>
>> 	list_add_tail(&fibctx->next, &dev->fib_list);
>>
>> Does that mean that the above kfree() will cause list corruption?
>
> Yes, you are correct. I overlooked that fibctx is part of a list, and freeing the
> memory without removing the list entry would corrupt the list.
> The list entry should be deleted before freeing the memory if copy_to_user() fails.

Are you sure that this is what the code should do?

Thanks,

Bart.
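
The list invariant discussed in this message, as an added userspace C model that is not the aacraid code or the proposed patch: a node still linked into a list must be unlinked before it is freed, and a checked free can catch the case where it was not. The `list_head` helpers, `struct fib_ctx`, `ctx_free_checked()` and `open_ctx_error_path()` are constructed stand-ins; the model shows only the linkage rule and does not settle what the driver's error path should do.

```c
#include <stdlib.h>

/* Userspace stand-in for the kernel's struct list_head (constructed). */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *head) {
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}
static void list_del_init(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
    INIT_LIST_HEAD(n);
}

/* Hypothetical context object; only its list linkage matters here. */
struct fib_ctx { struct list_head next; };

/* Free only when the node is on no list; refuse (-1) if still linked. */
static int ctx_free_checked(struct fib_ctx *ctx) {
    if (!list_empty(&ctx->next))
        return -1; /* neighbours would keep pointers into freed memory */
    free(ctx);
    return 0;
}

/* Model of an open path whose copy-out fails after the list insert. Returns 0
 * if an unlinked node was freed, -1 if the checked free caught a linked one. */
static int open_ctx_error_path(struct list_head *fib_list, int unlink_first) {
    struct fib_ctx *ctx = malloc(sizeof(*ctx));
    if (!ctx)
        return -1;
    INIT_LIST_HEAD(&ctx->next);
    list_add_tail(&ctx->next, fib_list);
    if (unlink_first)              /* remove the entry before freeing */
        list_del_init(&ctx->next);
    if (ctx_free_checked(ctx) == 0)
        return 0;
    list_del_init(&ctx->next);     /* demo cleanup: unlink, then free */
    free(ctx);
    return -1;
}

int main(void) {
    struct list_head l;
    INIT_LIST_HEAD(&l);
    return !(open_ctx_error_path(&l, 1) == 0 && open_ctx_error_path(&l, 0) == -1);
}
```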




