kern/128335: [patch][cpufreq] Missing call to sbuf_delete() in two
sysctl handlers
Mateusz Guzik
mjguzik at gmail.com
Fri Oct 24 11:40:02 UTC 2008
>Number: 128335
>Category: kern
>Synopsis: [patch][cpufreq] Missing call to sbuf_delete() in two sysctl handlers
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 24 11:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Mateusz Guzik
>Release: 8.0-CURRENT
>Organization:
>Environment:
FreeBSD eternal 8.0-CURRENT FreeBSD 8.0-CURRENT #14: Mon Sep 15 17:38:51 CEST 2008 f at eternal:/usr/obj/srv/build/CURRENT/src/sys/ETERNAL i386
>Description:
cpufreq_levels_sysctl and cpufreq_settings_sysctl do the following:
sbuf_new(&sb, NULL, 128, SBUF_AUTOEXTEND);
[..]
sets = malloc(set_count * sizeof(*sets), M_TEMP, M_NOWAIT);
if (sets == NULL)
return (ENOMEM);
So it's possible that these function will return without freeing sb.
>How-To-Repeat:
>Fix:
Patch is attached.
Patch attached with submission follows:
--- sys/kern/kern_cpu.c.orig 2008-10-23 22:59:45.000000000 +0200
+++ sys/kern/kern_cpu.c 2008-10-23 23:00:57.000000000 +0200
@@ -919,8 +919,10 @@
/* Get settings from the device and generate the output string. */
count = CF_MAX_LEVELS;
levels = malloc(count * sizeof(*levels), M_TEMP, M_NOWAIT);
- if (levels == NULL)
+ if (levels == NULL) {
+ sbuf_delete(&sb);
return (ENOMEM);
+ }
error = CPUFREQ_LEVELS(sc->dev, levels, &count);
if (error) {
if (error == E2BIG)
@@ -958,8 +960,10 @@
/* Get settings from the device and generate the output string. */
set_count = MAX_SETTINGS;
sets = malloc(set_count * sizeof(*sets), M_TEMP, M_NOWAIT);
- if (sets == NULL)
+ if (sets == NULL) {
+ sbuf_delete(&sb);
return (ENOMEM);
+ }
error = CPUFREQ_DRV_SETTINGS(dev, sets, &set_count);
if (error)
goto out;
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list