Date: Mon, 23 Aug 2004 10:23:07 -0700
From: Ted Unangst <tedu@coverity.com>
To: Julian Elischer <julian@elischer.org>
Cc: hackers@freebsd.org
Subject: Re: use after free bugs
Message-ID: <412A27FB.8030207@coverity.com>
In-Reply-To: <4126F9B3.8050900@elischer.org>
References: <41263E77.5040500@coverity.com> <4126F9B3.8050900@elischer.org>

Julian Elischer wrote:
> Ted Unangst wrote:
>
>> these are results from running Coverity's analysis over FreeBSD 4.10
>> kernel.
>> two improper loops:
>> if_ef.c:566 and atapi-all.c
>>
>> ng_socket.c: possible double free of resp 815 and 870, depending on
>> caller context.  is this possible?
>>
>
> I'm not seeing it..
>
> Can you show the lines in the version that is being examined?
> (So I can be sure I'm looking at the right code)
> (and how do I interpret the above report? 815 and 870 are freeing
> different things.)

sorry, typo.  the file is ng_ksocket.c.

    case NGM_KSOCKET_GETOPT:
        if ((error = sogetopt()))
            FREE(resp, M_NETGRAPH);
    ...
    if (rptr)
        *rptr = resp;
    else if (resp)
        FREE(resp, M_NETGRAPH);

i'm not sure if rptr is tied to the typecookie or not.
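
An added illustration, not part of the original message and not the FreeBSD source: a userspace C model of the control flow sketched above, assuming the error path falls through to the common exit with resp still set. The names model_free, fake_getopt and handler are hypothetical, and the release is counted instead of performed so the outcome can be observed safely for both caller contexts.

```c
#include <stdio.h>

/* Constructed userspace model: FREE() is replaced by a counter so the
 * flawed path can be observed without corrupting a real heap. */
struct msg { int frees; };
static void model_free(struct msg *m) { m->frees++; }

/* Hypothetical stand-in for a failing sogetopt() call. */
static int fake_getopt(int fail) { return fail ? 22 /* EINVAL */ : 0; }

/* fixed == 0: pattern from the mail, assuming the error path falls through
 * to the common exit. fixed == 1: same code with resp cleared after release. */
static int handler(struct msg *resp, struct msg **rptr, int fail, int fixed)
{
    int error;
    if ((error = fake_getopt(fail))) {
        model_free(resp);               /* error-path release */
        if (fixed)
            resp = NULL;                /* nothing left for the exit path */
    }
    if (rptr)
        *rptr = resp;                   /* flawed: caller receives freed memory */
    else if (resp)
        model_free(resp);               /* flawed: second release */
    return error;
}

/* Number of times resp is released when the caller passes rptr == NULL. */
int frees_without_rptr(int fail, int fixed)
{
    struct msg resp = {0};
    handler(&resp, NULL, fail, fixed);
    return resp.frees;
}

/* 1 if a caller that passes rptr gets back a pointer to a released object. */
int dangling_with_rptr(int fail, int fixed)
{
    struct msg resp = {0}, *out = NULL;
    handler(&resp, &out, fail, fixed);
    return out != NULL && out->frees > 0;
}

int main(void)
{
    printf("flawed: frees=%d dangling=%d\n", frees_without_rptr(1, 0), dangling_with_rptr(1, 0));
    printf("fixed:  frees=%d dangling=%d\n", frees_without_rptr(1, 1), dangling_with_rptr(1, 1));
    return 0;
}
```

In this model, clearing the pointer right after the error-path release removes both outcomes; whether the real handler falls through this way is the open question in the thread.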