From: Konstantin Khlebnikov <khlebnikov@openvz.org>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>,
	Arnd Bergmann <arnd@arndb.de>,
	Pavel Emelianov <xemul@parallels.com>,
	Chris Metcalf <cmetcalf@tilera.com>,
	Lucas De Marchi <lucas.de.marchi@gmail.com>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH linux-next] ipc: fix local variable initialization in compat_do_msg_fill()
Date: Thu, 19 Apr 2012 17:00:43 +0400
Message-ID: <4F900C7B.3060607@openvz.org>
In-Reply-To: <20120419122124.15573.24504.stgit@zurg>

Konstantin Khlebnikov wrote:
> The "msgp" must point to the userspace buffer.
>
> fix for linux-next commit 774d0252d303969a7281eefd6eaccde50bb6eb6e
> ("c/r: ipc: message queue receive cleanup")

Oops, Dan Carpenter had caught this several days before me:
[patch] c/r: ipc: uninitialized variable in compat_do_msg_fill()

>
> Signed-off-by: Konstantin Khlebnikov<khlebnikov@openvz.org>
> Cc: Stanislav Kinsbursky<skinsbursky@parallels.com>
> Cc: Lucas De Marchi<lucas.de.marchi@gmail.com>
> Cc: Chris Metcalf<cmetcalf@tilera.com>
> Cc: Cyrill Gorcunov<gorcunov@openvz.org>
> Cc: Pavel Emelyanov<xemul@parallels.com>
> Cc: Arnd Bergmann<arnd@arndb.de>
> Cc: Andrew Morton<akpm@linux-foundation.org>
> ---
>   ipc/compat.c |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ipc/compat.c b/ipc/compat.c
> index 6da376b..0c2ebd0 100644
> --- a/ipc/compat.c
> +++ b/ipc/compat.c
> @@ -363,7 +363,7 @@ static long compat_do_msg_steal(void __user *dest, struct msg_msg *msg, size_t b
>
>   long compat_do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz)
>   {
> -	struct compat_msgbuf __user *msgp;
> +	struct compat_msgbuf __user *msgp = dest;
>   	size_t msgsz;
>
>   	if (put_user(msg->m_type,&msgp->mtype))
>
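
Review bot: the changelog does not say what goes wrong without the initializer in compat_do_msg_fill(): msgp is declared and then used by the very next statement, put_user(msg->m_type, &msgp->mtype), so the store goes to an indeterminate address instead of dest. Stating that explicitly (an uninitialized __user pointer passed to put_user()) would make the impact clear to anyone triaging the fix. The hunk header shows compat_do_msg_steal() takes the same void __user *dest argument, so it is worth confirming that function also assigns its msgp from dest.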

