On Sun, 27 Jun 2021 02:14:23 +0300 Aaro Koskinen <aaro.koskinen@iki.fi> wrote:
> Hi,
>
> On Sat, Jun 26, 2021 at 01:33:23AM +0300, Pavel Skripkin wrote:
> > In case of allocation failures, all code paths were jumping to this code:
> >
> > err:
> > 	kfree(fbi);
> > 	kfree(var);
> > 	kfree(fbops);
> >
> > 	return r;
> >
> > Since all 3 pointers are placed on the stack and are not initialized, they will be filled with some random values, which leads to dereferencing random pointers in kfree(). Fix it by rewriting the error handling path.
>
> They are initialized before the first goto:
>
> 	[...]
> 	fbi = NULL;
> 	var = NULL;
> 	fbops = NULL;
>
> 	fbi = kzalloc(sizeof(*fbi), GFP_KERNEL);
> 	if (fbi == NULL) {
> 		r = -ENOMEM;
> 		goto err;
> 	}
> 	[...]
Hi!

I'm sorry for this, I should not stay up so late at night reviewing the code next time :(

With regards,
Pavel Skripkin
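
The idiom discussed in this thread (NULL-initialise every pointer, then share one err label, relying on kfree(NULL) being a no-op) can be checked by failing each allocation in turn. The following is an added user-space model, not code from the driver or from either poster: xzalloc(), xfree(), setup(), sweep() and the 64-byte sizes are hypothetical stand-ins for kzalloc(), kfree() and the driver's real allocations.

```c
#include <errno.h>
#include <stdlib.h>

static int fail_at, calls, live; /* injected failure index, attempts, unfreed blocks */
/* Stand-in for kzalloc(): zeroed memory, failing on call number fail_at. */
static void *xzalloc(size_t n)
{
	void *p = (++calls == fail_at) ? NULL : calloc(1, n);
	live += (p != NULL);
	return p;
}

/* Stand-in for kfree(): a NULL argument is a no-op, as with kfree(). */
static void xfree(void *p)
{
	live -= (p != NULL);
	free(p);
}

/* Same shape as the quoted code: NULL-initialise, then one shared err label. */
static int setup(int inject)
{
	void *fbi = NULL, *var = NULL, *fbops = NULL;
	int r = -ENOMEM;
	fail_at = inject;
	calls = live = 0;
	if (!(fbi = xzalloc(64)))   /* 64 is an arbitrary size for the model */
		goto err;
	if (!(var = xzalloc(64)))
		goto err;
	if (!(fbops = xzalloc(64)))
		goto err;
	r = 0; /* a driver would keep the buffers here; the model frees them to count leaks */
err:
	xfree(fbi);
	xfree(var);
	xfree(fbops);
	return r;
}

/* Fail each allocation in turn; count runs that leaked or returned the wrong code. */
static int sweep(void)
{
	int bad = 0;
	for (int i = 1; i <= 3; i++)
		bad += (setup(i) != -ENOMEM || live != 0);
	return bad;
}
int main(void) { return sweep(); }
```

The process exits with status 0 when every injected failure returns -ENOMEM and leaves no block unfreed.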