use after free bugs
Ted Unangst
tedu at coverity.com
Mon Aug 23 10:28:40 PDT 2004
Julian Elischer wrote:
> Ted Unangst wrote:
>
>> these are results from running Coverity's analysis over FreeBSD 4.10
>> kernel.
>> two improper loops:
>> if_ef.c:566 and atapi-all.c
>>
>> ng_socket.c: possible double free of resp 815 and 870, depending on
>> caller context. is this possible?
>>
>
> I'm not seeing it..
>
> Can you show the lines in the version that is being examined?
> (So I can be sure I'm looking at the right code)
> (and how do I interpret the above report? 815 and 870 are freeing
> different things.)
sorry, typo. the file is ng_ksocket.c.
    case NGM_KSOCKET_GETOPT:
        if (error = sogetopt())
            FREE(resp, M_NETGRAPH);
        ...
    if (rptr)
        *rptr = resp;
    else if (resp)
        FREE(resp, M_NETGRAPH);
i'm not sure if rptr is tied to the typecookie or not.
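
The pattern reported above, as an added user-space model (not part of the original message and not FreeBSD code): an error path frees resp but leaves the pointer set, so the shared exit either frees it again or hands it to the caller. The names msg_alloc, msg_free, getopt_reported, getopt_fixed and count_double_frees are hypothetical, and the model assumes the error path reaches the shared exit, which the excerpt's "..." does not show.

```c
#include <stddef.h>

/* Constructed user-space model, not FreeBSD code. A one-slot pool stands in
 * for MALLOC/FREE so a repeated free is counted instead of corrupting a heap. */
struct msg { int live; };
static struct msg pool;
static int double_frees;

static struct msg *msg_alloc(void) { pool.live = 1; return &pool; }
static void msg_free(struct msg *m) {
    if (!m->live) double_frees++;      /* block was already released */
    m->live = 0;
}

/* Shape from the post, assuming the error path reaches the shared exit. */
static int getopt_reported(int opt_error, struct msg **rptr) {
    struct msg *resp = msg_alloc();
    int error;
    if ((error = opt_error))           /* opt_error models the option call failing */
        msg_free(resp);                /* resp still holds the stale address */
    if (rptr)
        *rptr = resp;                  /* caller receives a freed message */
    else if (resp)
        msg_free(resp);                /* second free of the same block */
    return error;
}

/* Hardened form: drop the pointer together with the ownership. */
static int getopt_fixed(int opt_error, struct msg **rptr) {
    struct msg *resp = msg_alloc();
    int error;
    if ((error = opt_error)) {
        msg_free(resp);
        resp = NULL;                   /* shared exit now sees nothing to free */
    }
    if (rptr)
        *rptr = resp;
    else if (resp)
        msg_free(resp);
    return error;
}

/* Run one handler; with want_reply the caller frees whatever it was handed. */
static int count_double_frees(int (*fn)(int, struct msg **), int err, int want_reply) {
    struct msg *reply = NULL;
    double_frees = 0;
    fn(err, want_reply ? &reply : NULL);
    if (reply) msg_free(reply);
    return double_frees;
}
```

Both caller contexts trip the counter in the reported shape: with no rptr the handler frees twice, and with an rptr the caller ends up owning a message that is already freed.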