From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Christoph Egger"
Subject: Re: [PATCH][ioemu] strip tap subtype prefix from image name (restyled)
Date: Thu, 31 Jan 2008 09:36:30 +0100
Message-ID: <200801310936.30233.Christoph.Egger@amd.com>
To: Keir Fraser
Cc: xen-devel@lists.xensource.com, Pat Campbell
List-Id: xen-devel@lists.xenproject.org

On Wednesday 30 January 2008 15:45:03 Keir Fraser wrote:
> On 30/1/08 14:38, "Christoph Egger" wrote:
> >> out:
> >> + free(drv);
> >> + free(buf);
> >> + free(bpath);
> >> free(image);
> >> free(vec);
> >
> > That doesn't work. If strdup() fails, then drv and buf are NULL here.
> > Analogous counts for the other failures.
> > You need to check for != NULL before calling free().
>
> free() is defined to accept a NULL argument.
>
> -- Keir

That's right. But that is the way to get in double-free() security holes.

Christoph

-- 
AMD Saxony, Dresden, Germany
Operating System Research Center

Legal Information:
AMD Saxony Limited Liability Company & Co. KG
Registered office (business address): Wilschdorfer Landstr. 101, 01109 Dresden, Germany
Register court Dresden: HRA 4896
General partner authorized to represent: AMD Saxony LLC (registered office Wilmington, Delaware, USA)
Managing directors of AMD Saxony LLC: Dr. Hans-R. Deppe, Thomas McCoy
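
Review bot: the three free() calls added under out: (drv, buf, bpath) run on every exit path, so each pointer has to be initialised to NULL where it is declared and must not be released anywhere earlier in the function without being reset to NULL; the quoted hunk shows neither. free(NULL) is a no-op in standard C, so the strdup() failure case is safe without a != NULL guard, and such a guard would not stop a double free anyway, because a pointer that has already been freed is still non-NULL. Suggest confirming that out: is the only place these three buffers are freed, or setting each pointer to NULL right after any earlier free().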