From: Alex Elder <elder@inktank.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: ceph-devel@vger.kernel.org
Subject: Re: [PATCH] ceph: fix potential double free
Date: Fri, 13 Jul 2012 09:36:57 -0500 [thread overview]
Message-ID: <50003289.5010805@inktank.com> (raw)
In-Reply-To: <20120713142839.23587.58658.stgit@localhost.localdomain>
On 07/13/2012 09:28 AM, Alan Cox wrote:
> From: Alan Cox <alan@linux.intel.com>
>
> We re-run the loop but we don't re-set the attrs pointer back to NULL.
It looks to me like we're OK here without this.
At the top of the loop, the if condition either holds or it does not.
- If it does not, we don't touch "xattrs" again, before returning "err".
- If the condition holds, the next time "xattrs" is touched is when its
value is assigned the result of a kcalloc() call.
That being said, I really do prefer to have pointers get invalidated
after their freed, so I'll happily add your change...
Reviewed-by: Alex Elder <elder@inktank.com>
> Signed-off-by: Alan Cox <alan@linux.intel.com>
> ---
>
> fs/ceph/xattr.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
> index 785cb30..2c2ae5b 100644
> --- a/fs/ceph/xattr.c
> +++ b/fs/ceph/xattr.c
> @@ -457,6 +457,7 @@ start:
> for (i = 0; i < numattr; i++)
> kfree(xattrs[i]);
> kfree(xattrs);
> + xattrs = NULL;
> goto start;
> }
> err = -EIO;
>
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
next prev parent reply other threads:[~2012-07-13 14:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-13 14:28 [PATCH] ceph: fix potential double free Alan Cox
2012-07-13 14:36 ` Alex Elder [this message]
2012-07-13 14:56 ` Alan Cox
2012-07-13 15:39 ` Alex Elder
2012-07-13 16:37 ` Alan Cox
2012-07-13 16:53 ` Alex Elder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50003289.5010805@inktank.com \
--to=elder@inktank.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=ceph-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.