From: Dominique Martinet <asmadeus@codewreck.org>
To: Fedor Pchelkin <pchelkin@ispras.ru>
Cc: Latchesar Ionkov <lucho@ionkov.net>,
Eric Van Hensbergen <ericvh@kernel.org>,
Christian Schoenebeck <linux_oss@crudebyte.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
v9fs@lists.linux.dev, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org,
Alexey Khoroshilov <khoroshilov@ispras.ru>,
lvc-project@linuxtesting.org
Subject: Re: [PATCH v2] net: 9p: avoid freeing uninit memory in p9pdu_vreadf
Date: Tue, 5 Dec 2023 18:31:42 +0900 [thread overview]
Message-ID: <ZW7t_rq_a2ag5eoU@codewreck.org> (raw)
In-Reply-To: <20231205091952.24754-1-pchelkin@ispras.ru>
Fedor Pchelkin wrote on Tue, Dec 05, 2023 at 12:19:50PM +0300:
> If an error occurs while processing an array of strings in p9pdu_vreadf
> then uninitialized members of *wnames array are freed.
>
> Fix this by iterating over only lower indices of the array. Also handle
> possible uninit *wnames usage if first p9pdu_readf() call inside 'T' case
> fails.
>
> Found by Linux Verification Center (linuxtesting.org).
>
> Fixes: ace51c4dd2f9 ("9p: add new protocol support code")
> Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
> ---
> v2: I've missed that *wnames can also be left uninitialized. Please
> ignore the patch v1.
While I agree it's good to initialize it in general, how is that a
problem here? Do we have users that'd ignore the return code and try to
use *wnames?
(The first initialization is required in case the first p9pdu_readf
fails and *wnames had a non-null initial value, but the second is
unrelated)
I don't mind the change even if there isn't but let's add a word in the
commit message.
> As an answer to Dominique's comment: my organization marks this
> statement in all commits.
Fair enough, I think you'd get more internet points with a 'Reported-by'
but I see plenty of such messages in old commits and this isn't
something I want to argue about -- ok.
--
Dominique Martinet | Asmadeus
next prev parent reply other threads:[~2023-12-05 9:32 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-05 8:05 [PATCH] net: 9p: avoid freeing uninit memory in p9pdu_vreadf Fedor Pchelkin
2023-12-05 9:07 ` Dominique Martinet
2023-12-05 9:19 ` [PATCH v2] " Fedor Pchelkin
2023-12-05 9:31 ` Dominique Martinet [this message]
2023-12-05 12:15 ` Fedor Pchelkin
2023-12-05 12:43 ` Dominique Martinet
2023-12-05 12:29 ` Christian Schoenebeck
2023-12-05 13:09 ` Fedor Pchelkin
2023-12-05 18:05 ` [PATCH v3] " Fedor Pchelkin
2023-12-06 13:12 ` Christian Schoenebeck
2023-12-06 20:09 ` [PATCH v4] " Fedor Pchelkin
2023-12-07 12:54 ` Christian Schoenebeck
2023-12-11 23:21 ` Dominique Martinet
2024-01-07 7:56 ` Vitaly Chikunov
2024-01-07 9:48 ` Fedor Pchelkin
2024-01-07 10:14 ` Vitaly Chikunov
2024-01-07 10:26 ` Dominique Martinet
2023-12-11 13:51 ` Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZW7t_rq_a2ag5eoU@codewreck.org \
--to=asmadeus@codewreck.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=ericvh@kernel.org \
--cc=khoroshilov@ispras.ru \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux_oss@crudebyte.com \
--cc=lucho@ionkov.net \
--cc=lvc-project@linuxtesting.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pchelkin@ispras.ru \
--cc=v9fs@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.