Re: git: 81e6c0168d46 - main - lindebugfs.c: Fix possible NULL dereference
- In reply to: Mark Millard : "RE: git: 81e6c0168d46 - main - lindebugfs.c: Fix possible NULL dereference"
Date: Sun, 29 Jun 2025 18:40:02 UTC
On 24/06/2025 04:38, Mark Millard wrote:
> Jean-Sébastien Pédron <dumbbell_at_FreeBSD.org> wrote on
>> If `debugfs_destroy()` is called early as part of error handling during
>> initialization, `pn->pn_data` is unset.
>
> "is unset": Is this wording intended to mean:
>
> A) (...)
>
> vs.
>
> B) guaranteed to have been set to either NULL
> or to a valid non-NULL pointer value?

Yes, it's scenario (B).

pfs_create_{file,dir}() allocates the structure with `M_ZERO`, thus the field is NULL at first. debugfs_create_{file,dir}() sets `pn_data` after `pfs_create_{file,dir}()` returned successfully.

However, if pfs_create_{file,dir}() fails, it calls the given "destroy" callback before returning NULL. Therefore, when debugfs_destroy() was called as part of the aborted creation, it was still assuming `pn_data` was set to its own private data; this was not the case.

I hope that clears the issue origin.

-- 
Jean-Sébastien Pédron
The FreeBSD Project
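As an added illustration, not code from the commit or from the thread, here is a userland C sketch of the sequence described above: the node is zero-allocated, the creator's failure path runs the destroy callback before the caller has stored its private pointer, and the callback tolerates a NULL `pn_data`. The struct and function names mirror the thread's, but their signatures, the `fail` flag and `destroy_seen_null` are simplified stand-ins, not the kernel's own API.

```c
#include <stdlib.h>

/* Constructed stand-ins: pn_data is the owner's private pointer and is zero
 * right after allocation (what M_ZERO gives the real pseudofs node). */
struct pfs_node { void *pn_data; };
struct debugfs_priv { int refs; };	/* hypothetical debugfs private data */

/* Counts destroy calls that arrived with pn_data still NULL. */
int destroy_seen_null;

/* Stand-in for the debugfs "destroy" callback. The original code assumed
 * pn_data always pointed at its private data; the NULL check is the fix. */
void debugfs_destroy(struct pfs_node *pn)
{
	struct debugfs_priv *priv = pn->pn_data;
	if (priv == NULL) {	/* creation aborted before pn_data was set */
		destroy_seen_null++;
		return;
	}
	free(priv);
	pn->pn_data = NULL;
}

/* Stand-in for pfs_create_file(): zero-allocates the node and, when the
 * (simulated) creation fails, runs the destroy callback before returning NULL. */
struct pfs_node *pfs_create_file(int fail, void (*destroy)(struct pfs_node *))
{
	struct pfs_node *pn = calloc(1, sizeof(*pn));	/* calloc plays M_ZERO */
	if (pn == NULL)
		return NULL;
	if (fail) {
		destroy(pn);	/* pn_data is still NULL at this point */
		free(pn);
		return NULL;
	}
	return pn;
}

/* Stand-in for debugfs_create_file(): pn_data is assigned only after
 * pfs_create_file() succeeds, so an early destroy sees it unset. */
struct pfs_node *debugfs_create_file(int fail)
{
	struct pfs_node *pn = pfs_create_file(fail, debugfs_destroy);
	if (pn != NULL)
		pn->pn_data = calloc(1, sizeof(struct debugfs_priv));
	return pn;
}
```

Removing the NULL check in `debugfs_destroy()` reproduces the problem: the failing creation path calls it while `pn_data` is still zero.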