From: Guoqing Jiang <gqjiang@suse.com>
To: Jes Sorensen <Jes.Sorensen@redhat.com>
Cc: linux-raid <linux-raid@vger.kernel.org>,
Goldwyn Rodrigues <rgoldwyn@suse.com>, NeilBrown <neilb@suse.de>
Subject: Re: use after free bug in b98043a2f8e7bb5b1918e2e02778f822f9dd4d3a
Date: Tue, 08 Mar 2016 00:33:58 +0800
Message-ID: <56DDAD76.60402@suse.com>
In-Reply-To: <wrfjy49yym97.fsf@redhat.com>

On 03/05/2016 05:19 AM, Jes Sorensen wrote:
> Hi,
>
> I was looking at ExamineBitmap() and noticed that your patch below
> seems to introduce a use after free bug.
>
> commit b98043a2f8e7bb5b1918e2e02778f822f9dd4d3a
> Author: Guoqing Jiang <gqjiang@suse.com>
> Date: Wed Jun 10 13:42:07 2015 +0800
>
> Show all bitmaps while examining bitmap
>
> This adds capability of examining bitmaps corresponding to all
> nodes/slots on the device.
>
> Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
> Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
> Signed-off-by: NeilBrown <neilb@suse.de>
>
> Line 284 does a close(fd), but further down the code your patch
> introduces:
>
> + } else {
> + printf(" Cluster nodes : %d\n", sb->nodes);
> + printf(" Cluster name : %64s\n", sb->cluster_name);
> + for (i = 0; i < (int)sb->nodes; i++) {
> + if (i) {
> + free(info);
> + info = bitmap_fd_read(fd, brief);
> + sb = &info->sb;
> + }
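
Review bot: the bitmap_fd_read(fd, brief) call in the if (i) branch reuses fd, which the report above says is already closed at line 284 of ExamineBitmap(), so every iteration after the first reads from a descriptor that is no longer valid, or from an unrelated file if the descriptor number has been reused in the meantime. Either move the close(fd) to after this loop or reopen the device before entering it. The return value is also used unchecked: sb = &info->sb; follows immediately and the loop condition then reads sb->nodes from the new buffer, so if bitmap_fd_read() can return NULL the loop should bail out before sb is reassigned. Separately, %64s sets a minimum field width, not a maximum; %.64s would bound the read of sb->cluster_name if that field is not guaranteed to be NUL-terminated.
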
>
> It's not totally obvious to me here what the intention is for clustered
> md here. Are you intending to use the same fd as was used at the top of
> ExamineBitmap() or is it meant to open a new fd based on each clustered
> entry?
>
> In either case, the code as it is right now is certainly not going to
> work :(

Yes, it is wrong, thanks for the catch, I will handle it too.

Best Regards,
Guoqing