Hi Ola,
On Thu, Oct 1, 2015 at 9:39 AM, Ola Olsson <ola1olsson@xxxxxxxxx> wrote:
> I guess not since there is a goto statement in between. Please correct
> me if I am wrong.
Oh, wait, you are right. I'm used to goto-free code.
Sorry for the noise.
Thanks,
Julian Calaby
> /Ola
>
> On Thu, Oct 1, 2015 at 1:34 AM, Julian Calaby <julian.calaby@xxxxxxxxx> wrote:
>> Hi Ola,
>>
>> On Thu, Oct 1, 2015 at 9:27 AM, Ola Olsson <ola1olsson@xxxxxxxxx> wrote:
>>> Oh yes! :)
>>> Suddenly valgrind was happy as well.
>>>
>>> From 2724dd259f2bf61a2b7c85a70a70fd640a583453 Mon Sep 17 00:00:00 2001
>>> From: Ola Olsson <ola.olsson@xxxxxxxxxxxxxx>
>>> Date: Thu, 1 Oct 2015 00:43:06 +0200
>>> Subject: [PATCH] iw: Memory leak in error condition Signed-off-by: Ola Olsson
>>> <ola.olsson@xxxxxxxxxxxxxx>
>>>
>>> ---
>>> scan.c | 5 ++++-
>>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/scan.c b/scan.c
>>> index e959c1b..f3441a7 100644
>>> --- a/scan.c
>>> +++ b/scan.c
>>> @@ -445,8 +445,11 @@ static int handle_scan(struct nl80211_state *state,
>>>
>>> if (ies || meshid) {
>>> tmpies = (unsigned char *) malloc(ies_len + meshid_len);
>>> - if (!tmpies)
>>> + if (!tmpies) {
>>> + free(ies);
>>> + free(meshid);
>>> goto nla_put_failure;
>>> + }
>>> if (ies) {
>>
>> free() doesn't set it to "null" or anything like that, so isn't the
>> line above a use-after-free?
>>
>>> memcpy(tmpies, ies, ies_len);
>>> free(ies);
>>> --
>>> 1.7.9.5
>>>
>>> On Thu, Oct 1, 2015 at 1:16 AM, James Cameron <quozl@xxxxxxxxxx> wrote:
>>>> On Thu, Oct 01, 2015 at 01:01:18AM +0200, Ola Olsson wrote:
>>>>> >From 5239e8e9aa79a131b716398efbf7a1203decbd9b Mon Sep 17 00:00:00 2001
>>>>> From: Ola Olsson <ola.olsson@xxxxxxxxxxxxxx>
>>>>> Date: Thu, 1 Oct 2015 00:43:06 +0200
>>>>> Subject: [PATCH] iw: Memory leak in error condition Signed-off-by: Ola
>>>>> Olsson <ola.olsson@xxxxxxxxxxxxxx>
>>>>>
>>>>> ---
>>>>> scan.c | 2 ++
>>>>> 1 file changed, 2 insertions(+)
>>>>>
>>>>> diff --git a/scan.c b/scan.c
>>>>> index e959c1b..f248981 100644
>>>>> --- a/scan.c
>>>>> +++ b/scan.c
>>>>> @@ -446,6 +446,8 @@ static int handle_scan(struct nl80211_state *state,
>>>>> if (ies || meshid) {
>>>>> tmpies = (unsigned char *) malloc(ies_len + meshid_len);
>>>>> if (!tmpies)
>>>>> + free(ies);
>>>>> + free(meshid);
>>>>> goto nla_put_failure;
>>>>
>>>> Braces? { }
>>>>
>>>>
>>>>> if (ies) {
>>>>> memcpy(tmpies, ies, ies_len);
>>>>> --
>>>>> 1.7.9.5
>>>>> --
>>>>> To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
>>>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>>
>>>> --
>>>> James Cameron
>>>> http://quozl.linux.org.au/
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>>
>>
>> --
>> Julian Calaby
>>
>> Email: julian.calaby@xxxxxxxxx
>> Profile: http://www.google.com/profiles/julian.calaby/
--
Julian Calaby
Email: julian.calaby@xxxxxxxxx
Profile: http://www.google.com/profiles/julian.calaby/
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
