From owner-freebsd-bugs Tue Aug 4 23:10:09 1998
Message-Id: <199808050601.IAA01780@semyam.dinoco.de>
Date: Wed, 5 Aug 1998 08:01:39 +0200 (CEST)
From: Stefan Eggers
Reply-To: seggers@semyam.dinoco.de
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: seggers@semyam.dinoco.de
X-Send-Pr-Version: 3.2
Subject: kern/7496: not so good coding in subr_rlist.c
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 7496
>Category: kern
>Synopsis: not so good coding in subr_rlist.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 4 23:10:01 PDT 1998
>Last-Modified:
>Originator: Stefan Eggers
>Organization: none
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
N/A
>Description:
While reading the source I noticed that in rlist_free in the file kern/subr_rlist.c a pointer gets initialized before the list the pointed-to node is on was locked. This would lead to serious trouble if rlist_free could sleep or if some other functions get added which manipulate the list. This fortunately seems not to happen yet, but is a potential source of problems, I think. Even if not, one can argue that someone trying to learn from this source should get a cleaner version.
>How-To-Repeat:
N/A
>Fix:
--- subr_rlist.c.ORIG Tue Jul 14 12:47:28 1998 +++ subr_rlist.c Wed Aug 5 07:47:30 1998 @@ -118,7 +118,7 @@ u_int start, end; { struct rlist **rlp = &rlh->rlh_list; - struct rlist *prev_rlp = NULL, *cur_rlp = *rlp, *next_rlp = NULL; + struct rlist *prev_rlp = NULL, *cur_rlp, *next_rlp = NULL; int s; s = splhigh(); @@ -133,6 +133,7 @@ * Traverse the list looking for an entry after the one we want * to insert. */ + cur_rlp = *rlp; while (cur_rlp != NULL) { if (start < cur_rlp->rl_start) break;
>Audit-Trail:
>Unformatted:
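
Review bot: in the first hunk, `cur_rlp` is now the only one of the three pointers declared without an initializer, so anything that reads it between `s = splhigh();` and the later `cur_rlp = *rlp;` sees an indeterminate value. Initializing it to NULL alongside `prev_rlp` and `next_rlp` keeps the declaration uniform and makes an accidental early use fail predictably, while the real load stays where the second hunk puts it.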
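
Review bot: in the second hunk, `cur_rlp = *rlp;` lands between the traversal comment and the `while` loop that comment describes, and nothing records why the load was moved. The visible context shows only `s = splhigh();` before this point, not the list lock the report refers to, so a one-line comment above the assignment saying that the head must be read with the list locked would keep a later cleanup from folding it back into the declaration.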
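
The hazard the report describes, as an added example that is not part of the original report and is not code from subr_rlist.c: a list head read before the lock is taken can be stale once the lock is held. All names here (`struct node`, `struct head`, `head_lock`, `while_waiting`, `demo_early`, `demo_late`) are hypothetical, and the lock is modelled by a callback that runs while the caller waits.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins, not the kernel's types. */
struct node { unsigned start; struct node *next; };
struct head {
    struct node *list;
    void (*while_waiting)(struct head *); /* models another context running */
};

/* Taking the lock may sleep; whatever runs meanwhile can change the list. */
static void head_lock(struct head *h) { if (h->while_waiting) h->while_waiting(h); }
static void head_unlock(struct head *h) { (void)h; }

/* Before: the first node is loaded in the declaration, ahead of the lock. */
static unsigned first_start_early(struct head *h)
{
    struct node **lp = &h->list;
    struct node *cur = *lp;           /* snapshot taken while unlocked */
    unsigned r;

    head_lock(h);
    r = cur != NULL ? cur->start : 0; /* may no longer be the first node */
    head_unlock(h);
    return r;
}

/* After: only the head's address is taken early; the load follows the lock. */
static unsigned first_start_late(struct head *h)
{
    struct node **lp = &h->list;
    struct node *cur;
    unsigned r;

    head_lock(h);
    cur = *lp;
    r = cur != NULL ? cur->start : 0;
    head_unlock(h);
    return r;
}

/* Constructed scenario: a node with start 10 is put in front of the one
 * with start 100 while the caller waits for the lock. */
static struct node n_old = { 100, NULL }, n_new = { 10, &n_old };
static void insert_in_front(struct head *h) { h->list = &n_new; }

unsigned demo_early(void) { struct head h = { &n_old, insert_in_front }; return first_start_early(&h); }
unsigned demo_late(void)  { struct head h = { &n_old, insert_in_front }; return first_start_late(&h); }

int main(void) { printf("early=%u late=%u\n", demo_early(), demo_late()); return 0; }
```

The scenario only inserts a node, so the early variant returns outdated data; had the other context freed the old first node instead, the same early load would leave a dangling pointer.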