Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-25 Thread Rik van Riel
On Thu, 24 May 2001, Dawson Engler wrote: > Boilerplate disclaimer: > - this is part of a one-time large batch of errors. In the future, > we'll send out incremental bug reports along with a pointer to > the bug database on our website. Personally, I'd like to see th

Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-25 Thread Jeff Hartmann
Alan Cox wrote: > >> return; >> >/u2/engler/mc/oses/linux/2.4.4-ac8/drivers/char/drm/gamma_dma.c:573:gamma_dma_send_buffers: > ERROR:FREE:561:573: WARN: Use-after-free of "last_buf"! set by 'drm_free_buffer':561 >> DRM_DEBUG("%d running\n", current->pid); > > > Left

Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-24 Thread Greg KH
Here's the patch to fix the io_edgeport driver. Johannes, please send this to Linus, it's against 2.4.5-pre5. thanks, greg k-h diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c --- a/drivers/usb/serial/io_edgeport.c Thu May 24 23:18:56 2001 +++ b/drivers/usb/ser

Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-24 Thread Alan Cox
> > > Error ---> > > > p, p->RIOHosts, p->RIOPortp, rio_termios, rio_termios); > > > > Not a bug - you need to teach your code that printf has formats that print the > > value of a pointer not dereference it > > > > Take another look. p is potentially bogus here, meaning those

Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-24 Thread David S. Miller
Alan Cox writes: > > [BUG] seems possible --- or is some precondition guaranteed? > > /u2/engler/mc/oses/linux/2.4.4-ac8/net/ipv6/udp.c:438:udpv6_recvmsg: >ERROR:FREE:453:438: WARN: Use-after-free of "skb"! set by 'kfree_skb':453 > > Looks right. Left for DaveM It's wrong, in the MSG_PEE

Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-24 Thread Alan Cox
> [BUG] [fixed in 2.4.4] > /u2/engler/mc/oses/linux/2.4.4-ac8/drivers/block/cciss.c:686:cciss_ioctl: >ERROR:FREE:682:686: WARN: Use-after-free of "c"! set by 'cmd_free':682 [type=SECURITY] > { > /* Copy the data out of the buffer we created */ >

Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-24 Thread Justin Carlson
On Thu, 24 May 2001, Dawson Engler wrote: > Hi All, > > Enclosed are 24 bugs where code uses memory that has been freed. The > good thing about these bugs is that they are easy to fix. (Note: About > 5 of these have had patches submitted, so this list is a bit out of > date.) Enclosed is a pat

Re: [CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-24 Thread Alexander Viro
On Thu, 24 May 2001, Dawson Engler wrote: > [BUG] [BAD] Returns a freed pointer -- very very bad. ... and easy to fix. > /u2/engler/mc/oses/linux/2.4.4/fs/proc/generic.c:438:proc_symlink: >ERROR:FREE:430:438: WARN: Use-after-free of "ent"! set by 'kfree':430 > ent->namelen = len; >

[CHECKER] free bugs in 2.4.4 and 2.4.4-ac8

2001-05-24 Thread Dawson Engler
Hi All, Enclosed are 24 bugs where code uses memory that has been freed. The good thing about these bugs is that they are easy to fix. (Note: About 5 of these have had patches submitted, so this list is a bit out of date.) Summary 2.4.4ac8-specific errors = 4 2.4.4-specific e