* [PATCH] kconfig: delay symbol direct dependency initialization
@ 2010-09-26 20:22 Arnaud Lacombe
2010-09-27 10:51 ` Catalin Marinas
0 siblings, 1 reply; 2+ messages in thread
From: Arnaud Lacombe @ 2010-09-26 20:22 UTC (permalink / raw)
To: Michal Marek; +Cc: linux-kbuild, Arnaud Lacombe, Catalin Marinas
This fixes the use-after-free and associated crash in kconfig introduced
in commit 246cf9c26bf11f2bffbecea6e5bd222eee7b1df8.
Signed-off-by: Arnaud Lacombe <lacombar@gmail.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
---
scripts/kconfig/expr.h | 1 -
| 7 ++-----
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/scripts/kconfig/expr.h b/scripts/kconfig/expr.h
index 2b95a58..2788c7a 100644
--- a/scripts/kconfig/expr.h
+++ b/scripts/kconfig/expr.h
@@ -165,7 +165,6 @@ struct menu {
struct symbol *sym;
struct property *prompt;
struct expr *dep;
- struct expr *dir_dep;
unsigned int flags;
char *help;
struct file *file;
--git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
index 4fb5902..edda8b4 100644
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -107,7 +107,6 @@ static struct expr *menu_check_dep(struct expr *e)
void menu_add_dep(struct expr *dep)
{
current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep));
- current_entry->dir_dep = current_entry->dep;
}
void menu_set_type(int type)
@@ -291,10 +290,6 @@ void menu_finalize(struct menu *parent)
for (menu = parent->list; menu; menu = menu->next)
menu_finalize(menu);
} else if (sym) {
- /* ignore inherited dependencies for dir_dep */
- sym->dir_dep.expr = expr_transform(expr_copy(parent->dir_dep));
- sym->dir_dep.expr = expr_eliminate_dups(sym->dir_dep.expr);
-
basedep = parent->prompt ? parent->prompt->visible.expr : NULL;
basedep = expr_trans_compare(basedep, E_UNEQUAL, &symbol_no);
basedep = expr_eliminate_dups(expr_transform(basedep));
@@ -325,6 +320,8 @@ void menu_finalize(struct menu *parent)
parent->next = last_menu->next;
last_menu->next = NULL;
}
+
+ sym->dir_dep.expr = parent->dep;
}
for (menu = parent->list; menu; menu = menu->next) {
if (sym && sym_is_choice(sym) &&
--
1.7.2.30.gc37d7.dirty
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] kconfig: delay symbol direct dependency initialization
2010-09-26 20:22 [PATCH] kconfig: delay symbol direct dependency initialization Arnaud Lacombe
@ 2010-09-27 10:51 ` Catalin Marinas
0 siblings, 0 replies; 2+ messages in thread
From: Catalin Marinas @ 2010-09-27 10:51 UTC (permalink / raw)
To: Arnaud Lacombe; +Cc: Michal Marek, linux-kbuild
On Sun, 2010-09-26 at 21:22 +0100, Arnaud Lacombe wrote:
> This fixes the use-after-free and associated crash in kconfig introduced
> in commit 246cf9c26bf11f2bffbecea6e5bd222eee7b1df8.
>
> Signed-off-by: Arnaud Lacombe <lacombar@gmail.com>
> Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Thanks for this.
Michal, could we please push this to mainline before 2.6.36 is released?
It fixes a serious bug IMHO. Thanks.
--
Catalin
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-09-27 10:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-09-26 20:22 [PATCH] kconfig: delay symbol direct dependency initialization Arnaud Lacombe
2010-09-27 10:51 ` Catalin Marinas
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox