From: Dan Carpenter <dan.carpenter@oracle.com>
To: Qiujun Huang <hqjagain@gmail.com>
Cc: kvalo@codeaurora.org, ath9k-devel@qca.qualcomm.com,
davem@davemloft.net, linux-wireless@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
anenbupt@gmail.com, syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH 1/5] ath9k: Fix use-after-free Read in htc_connect_service
Date: Tue, 7 Apr 2020 13:51:55 +0300 [thread overview]
Message-ID: <20200407105154.GI2001@kadam> (raw)
In-Reply-To: <20200404041838.10426-2-hqjagain@gmail.com>
This patch is correct but there are a lot of error paths in
hif_usb_send() which don't free the skb. Some error paths *do* free
the skb but most don't. It's really a lot of work to sort through and
fix.
regards,
dan carpenter
next prev parent reply other threads:[~2020-04-07 10:52 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-04 4:18 [PATCH 0/5] ath9k: bug fixes Qiujun Huang
2020-04-04 4:18 ` [PATCH 1/5] ath9k: Fix use-after-free Read in htc_connect_service Qiujun Huang
2020-04-07 5:01 ` Kalle Valo
2020-04-07 10:51 ` Dan Carpenter [this message]
2020-04-04 4:18 ` [PATCH 2/5] ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx Qiujun Huang
2020-04-04 4:18 ` [PATCH 3/5] ath9k: Fix use-after-free Write in ath9k_htc_rx_msg Qiujun Huang
2020-04-04 4:18 ` [PATCH 4/5 resend] ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb Qiujun Huang
2020-04-04 4:18 ` [PATCH 5/5] ath9k: Fix general protection fault " Qiujun Huang
2020-04-07 12:50 ` Dan Carpenter
2020-06-20 21:04 ` [BISECTED REGRESSION] " Roman Mamedov
2020-06-22 14:36 ` Kalle Valo
2020-07-01 15:53 ` [PATCH] Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb" Viktor Jägersküpper
2020-07-01 19:56 ` Roman Mamedov
2020-07-01 21:32 ` [PATCH v2] " Viktor Jägersküpper
2020-07-02 6:43 ` [PATCH] " Kalle Valo
2020-07-09 14:36 ` Viktor Jägersküpper
2020-07-13 14:26 ` Kalle Valo
-- strict thread matches above, loose matches on Subject: below --
2020-04-04 12:30 [PATCH 1/5] ath9k: Fix use-after-free read in htc_connect_service Markus Elfring
2020-04-04 12:40 ` Qiujun Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200407105154.GI2001@kadam \
--to=dan.carpenter@oracle.com \
--cc=anenbupt@gmail.com \
--cc=ath9k-devel@qca.qualcomm.com \
--cc=davem@davemloft.net \
--cc=hqjagain@gmail.com \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.