* gazillon of double-free
@ 2010-09-08 23:20 Robert Millan
2010-09-08 23:44 ` Vladimir 'φ-coder/phcoder' Serbinenko
2010-09-14 19:42 ` Colin D Bennett
0 siblings, 2 replies; 3+ messages in thread
From: Robert Millan @ 2010-09-08 23:20 UTC (permalink / raw)
To: The development of GNU GRUB
It seems we have a ton of double-free bugs in label() and
uuid() routines.
Take for example grub_ext2_label():
data = grub_ext2_mount (disk);
if (data)
*label = grub_strndup (data->sblock.volume_name, 14);
else
*label = NULL;
grub_free (data);
If grub_ext2_mount fails, data is not allocated but we free it anyway.
Or perhaps I'm missing something? (it's late here, I need some sleep)
--
Robert Millan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: gazillon of double-free
2010-09-08 23:20 gazillon of double-free Robert Millan
@ 2010-09-08 23:44 ` Vladimir 'φ-coder/phcoder' Serbinenko
2010-09-14 19:42 ` Colin D Bennett
1 sibling, 0 replies; 3+ messages in thread
From: Vladimir 'φ-coder/phcoder' Serbinenko @ 2010-09-08 23:44 UTC (permalink / raw)
To: grub-devel
On 09/09/10 01:20, Robert Millan wrote:
> It seems we have a ton of double-free bugs in label() and
> uuid() routines.
>
> Take for example grub_ext2_label():
>
> data = grub_ext2_mount (disk);
> if (data)
> *label = grub_strndup (data->sblock.volume_name, 14);
> else
> *label = NULL;
> grub_free (data);
>
> If grub_ext2_mount fails, data is not allocated but we free it anyway.
>
> Or perhaps I'm missing something? (it's late here, I need some sleep)
>
>
grub_free (NULL) is a no-op on purpose:
/* Deallocate the pointer PTR. */
void
grub_free (void *ptr)
{
grub_mm_header_t p;
grub_mm_region_t r;
if (! ptr)
return;
--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: gazillon of double-free
2010-09-08 23:20 gazillon of double-free Robert Millan
2010-09-08 23:44 ` Vladimir 'φ-coder/phcoder' Serbinenko
@ 2010-09-14 19:42 ` Colin D Bennett
1 sibling, 0 replies; 3+ messages in thread
From: Colin D Bennett @ 2010-09-14 19:42 UTC (permalink / raw)
To: grub-devel
On Thu, 9 Sep 2010 01:20:40 +0200
Robert Millan <rmh@gnu.org> wrote:
> It seems we have a ton of double-free bugs in label() and
> uuid() routines.
>
> Take for example grub_ext2_label():
>
> data = grub_ext2_mount (disk);
> if (data)
> *label = grub_strndup (data->sblock.volume_name, 14);
> else
> *label = NULL;
> grub_free (data);
It is important to distinguish between double-free and free(NULL).
As Vladimir points out, free(NULL) is of course OK, but
"free(p); free(p);", where p != NULL, is a double-free and is wrong.
Regards,
Colin
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-09-14 19:42 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-09-08 23:20 gazillon of double-free Robert Millan
2010-09-08 23:44 ` Vladimir 'φ-coder/phcoder' Serbinenko
2010-09-14 19:42 ` Colin D Bennett
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.