Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

Justin Carlson (carlson@sibyte.com)
Thu, 24 May 2001 15:55:32 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mikael Pettersson: "Re: [CHECKER] large stack variables (>=1K) in 2.4.4 and 2.4.4-ac8"
Previous message: Jeff Mcadams: "Re: SyncPPP Generic PPP merge"
In reply to: Alan Cox: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"
Next in thread: Alan Cox: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"
Next in thread: David S. Miller: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"
Reply: Alan Cox: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"

> > /u2/engler/mc/oses/linux/2.4.4-ac8/drivers/char/rio/rio_linux.c:1036:rio_init_datastructures: ERROR:FREE:1031:1036: WARN: Use-after-free of "RIOHosts"! set by 'kfree':1031
> > kfree (p->RIOPortp[i]);
> > rio_dprintk (RIO_DEBUG_INIT, "Not enough memory! %p %p %p %p %p\n",
> > Error --->
> > p, p->RIOHosts, p->RIOPortp, rio_termios, rio_termios);
>
> Not a bug - you need to teach your code that printf has formats that print the
> value of a pointer not dereference it
>

Take another look. p is potentially bogus here, meaning those p->RIOHosts and
p->RIOPortp references are bad.

-Justin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mikael Pettersson: "Re: [CHECKER] large stack variables (>=1K) in 2.4.4 and 2.4.4-ac8"
Previous message: Jeff Mcadams: "Re: SyncPPP Generic PPP merge"
In reply to: Alan Cox: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"
Next in thread: Alan Cox: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"
Next in thread: David S. Miller: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"
Reply: Alan Cox: "Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8"