Re: git: 81e6c0168d46 - main - lindebugfs.c: Fix possible NULL dereference

In reply to: Mark Millard : "RE: git: 81e6c0168d46 - main - lindebugfs.c: Fix possible NULL dereference"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Jean-Sébastien_Pédron <dumbbell_at_FreeBSD.org>
Date: Sun, 29 Jun 2025 18:40:02 UTC

On 24/06/2025 04:38, Mark Millard wrote:
> Jean-Sébastien Pédron <dumbbell_at_FreeBSD.org> wrote on
>>      If `debugfs_destroy()` is called early as part of error handling during
>>      initialzation, `pn->pn_data` is unset.
> 
> "is unset": Is this wording intended to mean:
> 
> A) (...)
> 
> vs.
> 
> B) guaranteed to have been set to either NULL
>     or to a valid non-NULL pointer value?
Yes, it's scenario (B). pfs_create_{file,dir}() allocates the structure 
with `M_ZERO`, thus the field is NULL at first. 
debugfs_create_{file,dir}() sets `pn_data` after 
`pfs_create_{file,dir}() returned successfully.

However, if pfs_create_{file,dir}() fails, it calls the given "destroy" 
callback before returning NULL. Therefore, when debugfs_destroy() was 
called as part of the aborted creation, it was still assuming `pn_data` 
was set to its own private data; this was not the case.

I hope that clears the issue origin.

-- 
Jean-Sébastien Pédron
The FreeBSD Project