Re: aic7(censored) use after free in 2.5.66

Zwane Mwaikambo (zwane@linuxpower.ca)
Tue, 1 Apr 2003 02:40:09 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew Morton: "Re: aic7(censored) use after free in 2.5.66"
Previous message: Martin J. Bligh: "2.5.66-mjb2"
In reply to: Andrew Morton: "Re: aic7(censored) use after free in 2.5.66"

On Mon, 31 Mar 2003, Andrew Morton wrote:

> The corruption was at offset 52 decimal into struct ahc_linux_device.
> Without knowing your config it is hard for me to work out what you have at
> that offset. Rebuild your kernel with -g and do:
>
> (gdb) p/d &(((struct ahc_linux_device *)0)->maxtags)
>
> until you find which member is at offset 52.
>
> Something incremented that field by one after it was freed.

(gdb) p/d &(((struct ahc_linux_device *)0)->timer.lock)
$4 = 52

That would be a lock free it appears.

-- 
function.linuxpower.ca
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: aic7(censored) use after free in 2.5.66"
Previous message: Martin J. Bligh: "2.5.66-mjb2"
In reply to: Andrew Morton: "Re: aic7(censored) use after free in 2.5.66"