svn commit: r300258 - head/sys/dev/iicbus
Jason Harmening
jason.harmening at gmail.com
Fri May 20 04:00:22 UTC 2016
On 05/19/16 20:50, Ravi Pokala wrote:
> -----Original Message-----
> From: <owner-src-committers at freebsd.org> on behalf of "Jason A. Harmening" <jah at FreeBSD.org>
> Date: 2016-05-19, Thursday at 20:03
> To: <src-committers at freebsd.org>, <svn-src-all at freebsd.org>, <svn-src-head at freebsd.org>
> Subject: svn commit: r300258 - head/sys/dev/iicbus
>
>> Author: jah
>> Date: Fri May 20 03:03:04 2016
>> New Revision: 300258
>> URL: https://svnweb.freebsd.org/changeset/base/300258
>>
>> Log:
>> iic_rdwr_data->nmsgs is uint32_t, so limit the allowable number of messages to prevent memory exhaustion and short allocations on 32-bit systems. Since iicrdwr is intended to be a workalike of a Linux i2c-dev call, use the same limit of 42 that Linux uses.
>>
>> Also check the return value of copyin(9) to prevent unnecessary allocation in the failure case.
>>
>> ...
>>
>> error = copyin(d->msgs, buf, sizeof(*d->msgs) * d->nmsgs);
>> + if (error != 0) {
>> + free(buf, M_IIC);
>> + return (error);
>> + }
>>
>
> Hi Jason,
>
> If I’m reading that right, it’s not preventing any allocations, but it is preventing a leak. Is that correct?
>
> Thanks,
>
> Ravi (rpokala@)
>
>
Hi Ravi,
There shouldn't be a leak in here, but checking the result prevents
falling through the rest of the function, including the unnecessary
malloc of usrbufs right after this. It also makes the error handling
clearer.
Thanks,
Jason
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20160519/39eba908/attachment.sig>
More information about the svn-src-head
mailing list