[lvc-project] [PATCH v4] net: 9p: avoid freeing uninit memory in p9pdu_vreadf

Simon Horman horms at kernel.org
Mon Dec 11 16:51:42 MSK 2023


On Wed, Dec 06, 2023 at 11:09:13PM +0300, Fedor Pchelkin wrote:
> If some of p9pdu_readf() calls inside case 'T' in p9pdu_vreadf() fails,
> the error path is not handled properly. *wnames or members of *wnames
> array may be left uninitialized and invalidly freed.
> 
> Initialize *wnames to NULL in beginning of case 'T'. Initialize the first
> *wnames array element to NULL and nullify the failing *wnames element so
> that the error path freeing loop stops on the first NULL element and
> doesn't proceed further.
> 
> Found by Linux Verification Center (linuxtesting.org).
> 
> Fixes: ace51c4dd2f9 ("9p: add new protocol support code")
> Signed-off-by: Fedor Pchelkin <pchelkin at ispras.ru>

Reviewed-by: Simon Horman <horms at kernel.org>




More information about the lvc-project mailing list