tech-kern archive


Re: options MODULAR improvements phase 1.0



On Tue, 2 Jun 2009 18:48:53 -0700
jnemeth%victoria.tc.ca@localhost (John Nemeth) wrote:

> diff [...]

It's possible that I misinterpreted the code, but by a quick look I
think I've seen the following issue:

It's possible in module_load_plist_file() for a failure in vn_stat() or
vn_open() to set error and jump to out1, which might set *basep to NULL
(base before kmem_zalloc()) or for a failure of vn_rdrw() to cause the
buffer to be kmem_free()ed and base set again to NULL (and returned in
*basep); however, the caller (I can't see its function name by the
diff) seems to explicitly still kmem_free(plist) in case of error
without a NULL check, and kmem_free(9) suggests freeing NULL is
illegal...

Thanks,
-- 
Matt
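
The error path described in the mail above, as an added userland model that is not part of the original message and is not NetBSD code. model_kmem_free(), model_load_plist() and caller_null_frees() are hypothetical stand-ins; the free stand-in counts a NULL argument instead of panicking, so the unchecked and NULL-checked caller cleanups can be compared.

```c
/* Userland model (constructed): stand-ins for the kernel calls named in the mail. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

enum fail_at { FAIL_NONE, FAIL_STAT, FAIL_OPEN, FAIL_READ };

static int null_frees;  /* times the free stand-in was handed NULL */

/* Stand-in for kmem_free(9): records a NULL argument instead of panicking. */
static void model_kmem_free(void *p, size_t size)
{
    (void)size;
    if (p == NULL) { null_frees++; return; }
    free(p);
}

/* Hypothetical loader with the shape described: every failure leaves *basep NULL. */
static int model_load_plist(enum fail_at f, void **basep, size_t *sizep)
{
    void *base = NULL;
    size_t size = 64;   /* constructed file size */
    int error = 0;

    if (f == FAIL_STAT || f == FAIL_OPEN) { error = ENOENT; goto out1; } /* before allocation */
    base = calloc(1, size);
    if (base == NULL) { error = ENOMEM; goto out1; }
    if (f == FAIL_READ) {   /* read failed: buffer is freed here and base reset */
        model_kmem_free(base, size);
        base = NULL;
        error = EIO;
    }
out1:
    *basep = base;
    *sizep = (base != NULL) ? size : 0;
    return error;
}

/* Caller cleanup. checked == 0 frees unconditionally, as the mail describes;
 * checked == 1 frees only a non-NULL buffer. Returns the NULL frees seen. */
static int caller_null_frees(enum fail_at f, int checked)
{
    void *plist = NULL;
    size_t plistsize = 0;

    null_frees = 0;
    (void)model_load_plist(f, &plist, &plistsize);
    if (!checked || plist != NULL)
        model_kmem_free(plist, plistsize);
    return null_frees;
}
```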

