use after free bugs
Ted Unangst
tedu at coverity.com
Fri Aug 20 11:15:32 PDT 2004
these are results from running Coverity's analysis over Freebsd 4.10 kernel.
two improper loops:
if_ef.c:566 and atapi-all.c
ng_socket.c: possible double free of resp 815 and 870, depending on
caller context. is this possible?
if_bfe.c: double call to bfe_release_resources will free lots of stuff
twice on failure.
aha_isa.c: aha_isa_attach: aha_free free "aha", can't use it
afterwards, lots of examples.
More information about the freebsd-hackers
mailing list