Hi Oliver,

On 09/09/2009 09:25 AM, Oliver Hartkopp wrote:
> Sebastian Haas wrote:
[snip]
>> +    cf = (struct can_frame *)skb_put(skb, sizeof(struct can_frame));
>> +    memset(cf, 0, sizeof(struct can_frame));
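
Review bot: the memset() on the skb_put() result is the only statement here that defines the bytes of the frame the driver never writes, since skb_put() returns buffer space without clearing it. If the memset is dropped, add a comment stating which fields are guaranteed initialized (can_id, can_dlc, data[0..can_dlc-1]) and confirm that no receiver is handed the full sizeof(struct can_frame); otherwise keep it.
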
>
> Please remove the memset.
>
>> +
>> +    cf->can_id  = msg->msg.canmsg.id;
>> +    cf->can_dlc = msg->msg.canmsg.length>  8 ? 8 : msg->msg.canmsg.length;
>> +
>> +    if (msg->type == CPC_MSG_T_XCAN || msg->type == CPC_MSG_T_XRTR)
>> +            cf->can_id |= CAN_EFF_FLAG;
>> +
>> +    if (msg->type == CPC_MSG_T_RTR || msg->type == CPC_MSG_T_XRTR) {
>> +            cf->can_id |= CAN_RTR_FLAG;
>> +    } else {
>> +            *(u64 *)(&cf->data) = 0; /* clear payload */
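
Review bot: cf->can_id = msg->msg.canmsg.id takes the device-supplied identifier unmasked, so any stray upper bits would later be read as CAN_EFF_FLAG, CAN_RTR_FLAG or CAN_ERR_FLAG; mask it with CAN_SFF_MASK or CAN_EFF_MASK according to msg->type before OR-ing the flags in. The *(u64 *)(&cf->data) = 0 store in the else branch repeats what the earlier memset() of the whole frame already does, and the cast hides what is being cleared; keep only one of the two, and if the explicit clear stays write it as memset(cf->data, 0, sizeof(cf->data)).
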
>
> And this also (which is also doubled regarding the memset() above).
>
> can_dlc gives the information about valid data[] and the rest may be
> uninitialized.
>
> @Wolfgang: Is the leakage of kernel memory a problem in this case?
>
> Like here:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e84b90ae5eb3c112d1f208964df1d8156a538289

Well, I do not understand why a missing memset could cause a memory 
leak. Do you have more information?

Wolfgang.

_______________________________________________
Socketcan-core mailing list
Socketcan-core@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/socketcan-core
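
What "leakage" refers to in the quoted review, as an added example that is not code from the patch or from anyone in the thread: a user-space model that counts the bytes left over from a buffer's previous contents when the memset is dropped and when it is kept. `struct frame`, `buf_put()` (a stand-in for `skb_put()`), `rx_fill()` and `stale_bytes()` are hypothetical names, and the example assumes the receiver is handed the whole struct rather than only `can_dlc` bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct frame {                 /* hypothetical model: same layout as struct can_frame */
    uint32_t can_id;
    uint8_t  can_dlc;
    uint8_t  pad[3];           /* implicit padding made visible */
    uint8_t  data[8];
};
/* Stand-in for skb_put(): returns space still holding a previous user's bytes. */
static union { struct frame f; uint8_t raw[sizeof(struct frame)]; } pool;

static struct frame *buf_put(void)
{
    memcpy(pool.raw, "stale-secret-xyz", sizeof(pool.raw)); /* constructed stale data */
    return &pool.f;
}

/* Fill a received frame as the patch does; zero_first keeps or drops the memset. */
static struct frame *rx_fill(uint32_t id, const uint8_t *payload, uint8_t len, int zero_first)
{
    struct frame *cf = buf_put();
    if (zero_first)
        memset(cf, 0, sizeof(*cf));
    cf->can_id  = id;
    cf->can_dlc = len > 8 ? 8 : len;
    memcpy(cf->data, payload, cf->can_dlc);
    return cf;
}

/* Non-zero bytes the driver never wrote: padding plus data[can_dlc..7]. */
static int stale_bytes(const struct frame *cf)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(cf->pad); i++)
        n += cf->pad[i] != 0;
    for (size_t i = cf->can_dlc; i < sizeof(cf->data); i++)
        n += cf->data[i] != 0;
    return n;
}

int main(void)
{
    const uint8_t p[2] = { 0x11, 0x22 };              /* constructed payload */
    int dropped = stale_bytes(rx_fill(0x123, p, 2, 0));
    int kept    = stale_bytes(rx_fill(0x123, p, 2, 1));
    printf("memset dropped: %d stale bytes, memset kept: %d\n", dropped, kept);
    return 0;
}
```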
