From: glommer@br.ibm.com (Glauber de Oliveira Costa)
Subject: [PATCH] Null pointer dereference at free_vm_area()
Date: Mon, 26 Dec 2005 13:58:57 -0200
Message-ID: <20051226155857.GA14912@br.ibm.com>
To: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Hi folks,

The free_vm_area() function may crash if it gets a NULL pointer as a parameter. I do think that the right behaviour should be returning in this case. This is, for example, the same behaviour as kfree(), and as alloc_vm_area() may also return NULL, it may lead to a more elegant alloc/free sequence in case of a failure.

In case you agree with that, a patch follows.

Signed-off-by: Glauber de Oliveira Costa

-- 
glommer

[Attachment: free_return_null]
diff -r 829517be689f linux-2.6-xen-sparse/drivers/xen/util.c
--- a/linux-2.6-xen-sparse/drivers/xen/util.c Fri Dec 23 15:42:46 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/util.c Mon Dec 26 15:47:50 2005
@@ -35,6 +35,8 @@ void free_vm_area(struct vm_struct *area) { struct vm_struct *ret; + if (!area) + return; ret = remove_vm_area(area->addr); BUG_ON(ret != area); kfree(area);
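Review bot: the early return added before `ret = remove_vm_area(area->addr);` sits ahead of the only dereference of `area` in the function, so it does close the NULL crash the cover letter describes, and `BUG_ON(ret != area);` still guards the non-NULL path. Two things worth settling before this goes in: first, the patch file itself carries no description and no Signed-off-by (both live only in the mail body), so the change should be resubmitted with a short commit message stating that free_vm_area(NULL) is now a no-op by analogy with kfree(); second, decide explicitly whether NULL is an accepted argument or a caller bug, because a silent `return;` hides the latter, and if the kfree()-style contract is the intent, a one-line comment above `if (!area)` saying so will stop a later cleanup from removing the check.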