Date: Thu, 19 May 2016 20:50:21 -0700 From: Ravi Pokala <rpokala@mac.com> To: "Jason A. Harmening" <jah@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r300258 - head/sys/dev/iicbus Message-ID: <371B94E2-E906-4F9C-9A9B-A9D35CD93D21@panasas.com> In-Reply-To: <201605200303.u4K334pG019632@repo.freebsd.org> References: <201605200303.u4K334pG019632@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----Original Message----- From: <owner-src-committers@freebsd.org> on behalf of "Jason A. Harmening" = <jah@FreeBSD.org> Date: 2016-05-19, Thursday at 20:03 To: <src-committers@freebsd.org>, <svn-src-all@freebsd.org>, <svn-src-head@= freebsd.org> Subject: svn commit: r300258 - head/sys/dev/iicbus >Author: jah >Date: Fri May 20 03:03:04 2016 >New Revision: 300258 >URL: https://svnweb.freebsd.org/changeset/base/300258 > >Log: > iic_rdwr_data->nmsgs is uint32_t, so limit the allowable number of messa= ges to prevent memory exhaustion and short allocations on 32-bit systems. Si= nce iicrdwr is intended to be a workalike of a Linux i2c-dev call, use the s= ame limit of 42 that Linux uses. > =20 > Also check the return value of copyin(9) to prevent unnecessary allocati= on in the failure case. > =20 > ... > =20 > error =3D copyin(d->msgs, buf, sizeof(*d->msgs) * d->nmsgs); >+ if (error !=3D 0) { >+ free(buf, M_IIC); >+ return (error); >+ } >=20 Hi Jason, If I=E2=80=99m reading that right, it=E2=80=99s not preventing any allocations, but it = is preventing a leak. Is that correct? Thanks, Ravi (rpokala@)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?371B94E2-E906-4F9C-9A9B-A9D35CD93D21>