From: Konstantin Khlebnikov <khlebnikov@openvz.org>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>,
Arnd Bergmann <arnd@arndb.de>,
Pavel Emelianov <xemul@parallels.com>,
Chris Metcalf <cmetcalf@tilera.com>,
Lucas De Marchi <lucas.de.marchi@gmail.com>,
Cyrill Gorcunov <gorcunov@openvz.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH linux-next] ipc: fix local variable initialization in compat_do_msg_fill()
Date: Thu, 19 Apr 2012 17:00:43 +0400
Message-ID: <4F900C7B.3060607@openvz.org>
In-Reply-To: <20120419122124.15573.24504.stgit@zurg>

Konstantin Khlebnikov wrote:
> The "msgp" must point to the userspace buffer.
>
> fix for linux-next commit 774d0252d303969a7281eefd6eaccde50bb6eb6e
> ("c/r: ipc: message queue receive cleanup")
Oops, Dan Carpenter had caught this several days before me:
[patch] c/r: ipc: uninitialized variable in compat_do_msg_fill()
>
> Signed-off-by: Konstantin Khlebnikov<khlebnikov@openvz.org>
> Cc: Stanislav Kinsbursky<skinsbursky@parallels.com>
> Cc: Lucas De Marchi<lucas.de.marchi@gmail.com>
> Cc: Chris Metcalf<cmetcalf@tilera.com>
> Cc: Cyrill Gorcunov<gorcunov@openvz.org>
> Cc: Pavel Emelyanov<xemul@parallels.com>
> Cc: Arnd Bergmann<arnd@arndb.de>
> Cc: Andrew Morton<akpm@linux-foundation.org>
> ---
> ipc/compat.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ipc/compat.c b/ipc/compat.c
> index 6da376b..0c2ebd0 100644
> --- a/ipc/compat.c
> +++ b/ipc/compat.c
> @@ -363,7 +363,7 @@ static long compat_do_msg_steal(void __user *dest, struct msg_msg *msg, size_t b
>
> long compat_do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz)
> {
> - struct compat_msgbuf __user *msgp;
> + struct compat_msgbuf __user *msgp = dest;
> size_t msgsz;
>
> if (put_user(msg->m_type,&msgp->mtype))
>
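Review bot: The changelog should state the consequence of the missing initializer on the msgp declaration, not only that msgp "must point to the userspace buffer". Before this change the first statement after the declarations, put_user(msg->m_type, &msgp->mtype), takes its destination address from an uninitialized stack pointer, so the message type is written to (or faulted on) whatever address happens to be in that stack slot and never reaches dest. Saying so in the commit message lets anyone triaging linux-next see the impact without reading the function. The assignment itself is fine: the implicit conversion from void __user * keeps the __user annotation, so no cast is needed. Separately, compat_do_msg_steal() in the hunk header is static while compat_do_msg_fill() is not; if nothing outside ipc/compat.c calls it, it could be made static as well.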