Date: Wed, 5 Aug 1998 08:01:39 +0200 (CEST)
From: Stefan Eggers <seggers@semyam.dinoco.de>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: seggers@semyam.dinoco.de
Subject: kern/7496: not so good coding in subr_rlist.c
Message-ID: <199808050601.IAA01780@semyam.dinoco.de>
>Number: 7496
>Category: kern
>Synopsis: not so good coding in subr_rlist.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 4 23:10:01 PDT 1998
>Last-Modified:
>Originator: Stefan Eggers
>Organization: none
>Release: FreeBSD 3.0-CURRENT i386
>Environment: N/A
>Description:
While reading the source I noticed that in rlist_free in the file kern/subr_rlist.c a pointer gets initialized before the list the pointed-to node is on was locked. This would lead to serious trouble if rlist_free could sleep or if some other functions get added which manipulate the list. This fortunately seems not to happen yet, but is a potential source of problems I think. Even if not, one can argue that someone trying to learn from this source should get a cleaner version.
>How-To-Repeat: N/A
>Fix:
--- subr_rlist.c.ORIG Tue Jul 14 12:47:28 1998 +++ subr_rlist.c Wed Aug 5 07:47:30 1998 @@ -118,7 +118,7 @@ u_int start, end; { struct rlist **rlp = &rlh->rlh_list; - struct rlist *prev_rlp = NULL, *cur_rlp = *rlp, *next_rlp = NULL; + struct rlist *prev_rlp = NULL, *cur_rlp, *next_rlp = NULL; int s; s = splhigh(); @@ -133,6 +133,7 @@ * Traverse the list looking for an entry after the one we want * to insert. */ + cur_rlp = *rlp; while (cur_rlp != NULL) { if (start < cur_rlp->rl_start) break;
>Audit-Trail:
>Unformatted:
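Review bot: in the first hunk (@@ -118,7 +118,7 @@) `cur_rlp` is now declared with no initializer while `prev_rlp` and `next_rlp` on the same line keep `= NULL`, so it holds an indeterminate value from the declaration until the assignment added in the second hunk. The lines between `s = splhigh();` and the traversal comment are not part of this diff, so it cannot be confirmed from here that nothing in them reads `cur_rlp`. Declaring it as `*cur_rlp = NULL` would match the other two pointers and make an accidental early use fail predictably. Leaving `rlp = &rlh->rlh_list` in the declaration looks fine, since it only takes the address of the head field and does not read the list.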
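Review bot: in the second hunk (@@ -133,6 +133,7 @@) the added `cur_rlp = *rlp;` sits between the existing "Traverse the list" comment and the `while` loop with nothing in the code explaining why the head is read at this point rather than in the declaration; the reason is given only in the PR description. A short comment stating that the list head must not be dereferenced until the list is locked would keep a later cleanup from folding the read back into the initializer. The lock acquisition itself is outside the visible context (only `s = splhigh();` appears, in the first hunk), so it would also help to state in the PR that the new line comes after the point where the lock is held.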