Re: [PATCH] OMAP: DSS2: OMAPFB: fix potential GPF

From: Aaro Koskinen
Date: Sat Jun 26 2021 - 19:30:50 EST


Hi,

On Sat, Jun 26, 2021 at 01:33:23AM +0300, Pavel Skripkin wrote:
> In case of allocation failures, all code paths were jumping
> to this code:
>
> err:
> 	kfree(fbi);
> 	kfree(var);
> 	kfree(fbops);
>
> 	return r;
>
> Since all 3 pointers are placed on the stack and not initialized, they
> will be filled with some random values, which leads to
> dereferencing random pointers in kfree(). Fix it by rewriting
> the error handling path.

They are initialized before the first goto:

[...]
	fbi = NULL;
	var = NULL;
	fbops = NULL;

	fbi = kzalloc(sizeof(*fbi), GFP_KERNEL);
	if (fbi == NULL) {
		r = -ENOMEM;
		goto err;
	}
[...]

A.
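
The single-label cleanup pattern discussed in this thread, as an added userspace example that is not part of the original messages or the kernel source: it fails each of the three allocations in turn and checks that the shared err path frees exactly what was allocated. The names test_zalloc, test_free, setup_three and the fault-injection counters are hypothetical; calloc()/free() stand in for kzalloc()/kfree(), and the buffers are assumed to be temporaries that are also freed on success.

```c
#include <errno.h>
#include <stdlib.h>
/* Constructed fault injection: the Nth allocation fails (0 = none). */
static int fail_at, alloc_calls;
static int live_allocs;	/* allocated and not yet freed */

static void *test_zalloc(size_t size)	/* stand-in for kzalloc() */
{
	if (++alloc_calls == fail_at)
		return NULL;
	live_allocs++;
	return calloc(1, size);
}

static void test_free(void *p)	/* like kfree(): NULL is a no-op */
{
	if (p != NULL)
		live_allocs--;
	free(p);
}

/* Hypothetical function with the same shape as the code in the thread. */
static int setup_three(int fail_nth)
{
	int *fbi = NULL, *var = NULL, *fbops = NULL;	/* the key line */
	int r = 0;
	fail_at = fail_nth;
	alloc_calls = 0;
	fbi = test_zalloc(sizeof(*fbi));
	if (fbi == NULL) { r = -ENOMEM; goto err; }
	var = test_zalloc(sizeof(*var));
	if (var == NULL) { r = -ENOMEM; goto err; }
	fbops = test_zalloc(sizeof(*fbops));
	if (fbops == NULL) { r = -ENOMEM; goto err; }
	/* Assumption: the buffers are temporaries, freed on success too. */
err:
	test_free(fbi);		/* unreached allocations are still NULL here */
	test_free(var);
	test_free(fbops);
	return r;
}

int main(void)
{
	for (int n = 0; n <= 3; n++)
		if (setup_three(n) != (n ? -ENOMEM : 0) || live_allocs != 0)
			return 1;
	return 0;
}
```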