Gabriele Monaco <[email protected]> writes:
> Per-task monitors use task_mon_slot to determine which slot in the array
> to use for the monitor. During destruction, this slot is returned but
> this is done before resetting the monitor. As a result, the monitor's
> reset is in fact resetting a slot that is outside of the array
> (RV_PER_TASK_MONITOR_INIT).
Oh crap.
> Release the slot only after the reset to avoid out-of-bound memory
> access.
I think KASAN can catch this type of issue.
> Fixes: f5587d1b6ec93 ("rv: Add Hybrid Automata monitor type")
> Suggested-by: Wen Yang <[email protected]>
> Reviewed-by: Wen Yang <[email protected]>
> Signed-off-by: Gabriele Monaco <[email protected]>
Should we have
Cc: [email protected]
?
Reviewed-by: Nam Cao <[email protected]>
