artulab
projects
/
openbsd
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
4262f7c
)
avoid a use after free in a path taken if malloc M_NOWAIT fails
author
jsg
<jsg@openbsd.org>
Fri, 4 Jun 2021 07:29:54 +0000
(07:29 +0000)
committer
jsg
<jsg@openbsd.org>
Fri, 4 Jun 2021 07:29:54 +0000
(07:29 +0000)
sys/dev/pci/drm/dma-resv.c
patch
|
blob
|
history
diff --git
a/sys/dev/pci/drm/dma-resv.c
b/sys/dev/pci/drm/dma-resv.c
index
46143dd
..
554acb7
100644
(file)
--- a/
sys/dev/pci/drm/dma-resv.c
+++ b/
sys/dev/pci/drm/dma-resv.c
@@
-474,7
+474,10
@@
int dma_resv_get_fences_rcu(struct dma_resv *obj,
nshared = kmalloc(sz, GFP_NOWAIT | __GFP_NOWARN);
if (nshared != NULL && shared != NULL)
memcpy(nshared, shared, sz);
- kfree(shared);
+ if (nshared) {
+ kfree(shared);
+ shared = NULL;
+ }
#endif
if (!nshared) {
rcu_read_unlock();
@@
-489,6
+492,7
@@
int dma_resv_get_fences_rcu(struct dma_resv *obj,
if (nshared != NULL && shared != NULL)
memcpy(nshared, shared, sz);
kfree(shared);
+ shared = NULL;
#endif
if (nshared) {
shared = nshared;
projects / openbsd / commitdiff