public inbox for linux-mtd@lists.infradead.org
From: Thomas Gleixner <tglx@linutronix.de>
To: "Pierre.Ricadat@UTBM.fr" <Pierre.Ricadat@utbm.fr>
Cc: linux-mtd@lists.infradead.org
Subject: Re: [PATCH] separate routine to check jffs2_flash_read
Date: Sun, 13 Nov 2005 21:36:07 +0100
Message-ID: <1131914167.32542.37.camel@tglx.tec.linutronix.de>
In-Reply-To: <1131711929.43748db9e757d@webmail2.utbm.fr>

On Fri, 2005-11-11 at 13:25 +0100, Pierre.Ricadat@UTBM.fr wrote:
> Quoting Jörn Engel <joern@wohnheim.fh-wedel.de>:
> > > Here is the new patch for current cvs.
> >
> > Unfortunately in DOS format (0x13,0x10 line breaks).  Can you respin
> > it into Unix format?
> 
> Oops. Sorry. This is the good one.

Good ? As long as we restrict the view to the file format.

The patch introduces:

- memory leaks
- use after free
- kfree of pointers pointing to a variable on the stack

Have a close look at all callers of this function.

In general, hiding kfree(var) in the error path of a global function,
whose purpose is to read data from flash and handle the error conditions
in terms of messages and return value, is a secure source for the above
problems.

When neither the author himself nor a reviewer recognizes the hidden
trouble, how is an innocent user supposed not to trap into this ?

Unfortunately the patch was applied already. Fixed in CVS.

BTW, can we please start to add DocBook comments to new functions or to
functions which are reworked ? That way the documentation of the global
functions might be reality some day.


	tglx
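
Added example, not part of the original message and not the JFFS2 patch under discussion: a user-space C model of the ownership hazard described above, where a read-and-check helper frees the caller's buffer on its error path, next to a helper that only reports the error. All names (`read_check_freeing`, `read_check`, `t_alloc`, `t_free`, `flash_read`) are hypothetical, and the tracking allocator is an assumption standing in for kmalloc/kfree so that an invalid free (a stack address, or a buffer the helper already released) is counted rather than executed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One-slot tracking allocator standing in for kmalloc/kfree (assumption). */
static void *live;
static int bad_frees;
static void *t_alloc(size_t n) { return live = malloc(n); }
static void t_free(void *p) {
    if (p && p == live) { free(p); live = NULL; }
    else if (p) bad_frees++;   /* stack address or already freed: count it */
}

/* Simulated flash read (constructed), failing on demand. */
static int flash_read(void *buf, size_t len, int fail) {
    if (!fail) memset(buf, 0xff, len);
    return fail ? -EIO : 0;
}

/* Hazard: the helper frees a buffer it does not own on its error path. */
int read_check_freeing(void *buf, size_t len, int fail) {
    int ret = flash_read(buf, len, fail);
    if (ret) t_free(buf);
    return ret;
}

/* Safer: the helper only reports; whoever owns buf releases it. */
int read_check(void *buf, size_t len, int fail) { return flash_read(buf, len, fail); }

/* Caller reading into an on-stack buffer; returns the invalid frees seen. */
int caller_stack(int (*rd)(void *, size_t, int)) {
    char buf[16];
    bad_frees = 0;
    rd(buf, sizeof(buf), 1);
    return bad_frees;
}

/* Caller that releases its own heap buffer on error, as callers usually do. */
int caller_heap(int (*rd)(void *, size_t, int)) {
    void *buf = t_alloc(16);
    bad_frees = 0;
    if (buf && rd(buf, 16, 1)) t_free(buf);
    return bad_frees;
}

int main(void) {
    printf("hidden free:  stack=%d heap=%d\n", caller_stack(read_check_freeing), caller_heap(read_check_freeing));
    printf("caller-owned: stack=%d heap=%d\n", caller_stack(read_check), caller_heap(read_check));
}
```

With the freeing helper, both callers trigger one invalid free each; with the reporting helper, neither does and the heap buffer is released exactly once by its owner.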
