Joerg Schilling wrote:
> Juergen Keil <[EMAIL PROTECTED]> wrote:
>
>> Hmm, in usr/src/uts/common/fs/hsfs/hsfs_vfsops.c function hs_mountfs(),
>> whenever we use one of the first three |goto cleanup|, the local variables
>> |svp| and |jvp| are uninitialized. That should corrupt the kernel heap
>> when we kmem_free() with an uninitialized stack lock pointer in the
>> cleanup section ...
>>
>> struct hs_volume *svp; /* Supplemental VD for ISO-9660:1999 */
>> struct hs_volume *jvp; /* Joliet VD */
>>
>
> I have to admit that I am responsible for the uninitialized Joliet VD pointer.
> Duplicating code is simple and in this case even passed 4 !!!! code reviews.
>
> Does it help to initialize the pointers to NULL?
>
Sure. This code

    if (fsp)
        kmem_free(fsp, sizeof (*fsp));
    if (svp)
        kmem_free(svp, sizeof (*svp));
    if (jvp)
        kmem_free(jvp, sizeof (*jvp));

will behave very differently if those pointers are NULL rather than
uninitialized.
Scott
_______________________________________________
opensolaris-discuss mailing list
[email protected]
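As an added illustration (not code from this thread or from the hsfs source), a user-space model of the cleanup pattern under discussion: several early exits jump to the cleanup block before svp and jvp have been assigned, and only the NULL initialisers make the guarded kmem_free() calls there correct. The names mount_model, model_alloc and model_free are hypothetical stand-ins for hs_mountfs(), kmem_alloc() and kmem_free().

```c
#include <stdlib.h>

struct hsfs      { int refs; };
struct hs_volume { int type; };

/* Constructed stand-ins for kmem_alloc()/kmem_free(): every free is
 * counted so a caller can check that a failing mount releases exactly
 * the objects it had allocated, and never something it did not. */
static int n_freed;
static void *model_alloc(size_t n)         { return calloc(1, n); }
static void  model_free(void *p, size_t n) { (void)n; n_freed++; free(p); }

/* Hypothetical model of hs_mountfs(): fail_at selects the step that fails
 * (1..4; 0 = succeed). Returns the number of objects the cleanup block
 * freed on the failure path, or -1 on success (the caller then owns *out). */
int mount_model(int fail_at, struct hsfs **out)
{
    /* The fix discussed above: each pointer the cleanup block tests starts
     * as NULL, so a goto taken before its allocation is harmless. */
    struct hsfs      *fsp = NULL;
    struct hs_volume *svp = NULL;
    struct hs_volume *jvp = NULL;

    n_freed = 0;
    *out = NULL;
    if (fail_at == 1) goto cleanup;        /* e.g. device open fails     */
    fsp = model_alloc(sizeof (*fsp));
    if (fail_at == 2) goto cleanup;        /* primary VD read fails      */
    svp = model_alloc(sizeof (*svp));
    if (fail_at == 3) goto cleanup;        /* supplemental VD read fails */
    jvp = model_alloc(sizeof (*jvp));
    if (fail_at == 4) goto cleanup;        /* Joliet VD read fails       */

    /* Success: the scratch VD copies are released, the mount keeps fsp. */
    model_free(svp, sizeof (*svp));
    model_free(jvp, sizeof (*jvp));
    *out = fsp;
    return -1;

cleanup:
    /* Same shape as the cleanup quoted in the thread. Without the "= NULL"
     * initialisers, the first three paths would test, and free, whatever
     * garbage the stack slots of svp and jvp happened to contain. */
    if (fsp)
        model_free(fsp, sizeof (*fsp));
    if (svp)
        model_free(svp, sizeof (*svp));
    if (jvp)
        model_free(jvp, sizeof (*jvp));
    return n_freed;
}
```

Building the same function with the three initialisers removed and `-Wall` enabled is a cheap way to see whether the compiler flags the uninitialised use on the early paths.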