>>> On 23.09.11 at 17:35, Guenter Roeck <guenter.roeck@xxxxxxxxxxxx> wrote: > On Fri, 2011-09-23 at 06:32 -0400, Jan Beulich wrote: >> Storing the struct temp_data pointer allocated from create_core_data() >> before passing the last 'goto exit_free' has the potential of leaving >> around a pointer to freed memory. As there's no need for the pointer to >> be stored before calling create_core_attrs(), simply move the storing >> past that call. >> >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> >> Cc: stable@xxxxxxxxxx >> >> --- >> drivers/hwmon/coretemp.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> --- 3.1-rc7-coretemp.orig/drivers/hwmon/coretemp.c >> +++ 3.1-rc7-coretemp/drivers/hwmon/coretemp.c >> @@ -609,13 +609,14 @@ static int create_core_data(struct platf >> THERM_SHIFT_THRESHOLD1) * 1000; >> } >> >> - pdata->core_data[attr_no] = tdata; >> >> /* Create sysfs interfaces */ >> err = create_core_attrs(tdata, &pdev->dev, attr_no); >> if (err) >> goto exit_free; >> >> + pdata->core_data[attr_no] = tdata; >> + > Problem with this patch is that core_data can be accessed after the call > to create_core_attrs() (since the attributes now exist). So the patch > introduces a small window where an access to core_data[] can result in a > NULL pointer access. > >> return 0; >> exit_free: > > Any problem with just resetting pdata->core_data[attr_no] to NULL here ? Certainly not - I just didn't realize the dependency you point out above, and without that it seemed more clean to just move the assignment. Will send an updated patch in a little while, unless you want to go ahead and fix this the right way before I would get to it. Jan _______________________________________________ lm-sensors mailing list lm-sensors@xxxxxxxxxxxxxx http://lists.lm-sensors.org/mailman/listinfo/lm-sensors
