NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/44207: memory-leak in raid-ioctl(RAIDFRAME_GET_COMPONENT_LABEL)

On Dec 8,  3:15pm, 
( wrote:
-- Subject: kern/44207: memory-leak in raid-ioctl(RAIDFRAME_GET_COMPONENT_LAB

|       While adding support for parity-maps handling the ioctl code for 
|       has been changed.
|       Accedently the memory allocated for the copyin is neither checked for 
an allocation error
|       anymore, nor the memory is freed on copyin() error or bad values in the 
just copied in parameter.

There cannot be a memory allocation error because RF_Malloc does always WAITOK
|       Another problem during attach of the raidframe driver is, that the 
number of available
|       raid devices is not reset to 0 if no memory for the softc structures 
can be allocated.
|       This of cause will be a very rare situation, but if it happens access 
to not-allocated
|       memory may happen. (Found by checking all RF_Malloc()'s in this file 
| >How-To-Repeat:
|       Found by a look into the sources.
|       You may trigger it by passing bad values in the parameter for the 
| >Fix:
|       The following fix will remove both problems.



Home | Main Index | Thread Index | Old Index