projects / dragonfly.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: d570884)
kqueue - Fix junk kfree() in doselect()
authorMatthew Dillon <dillon@apollo.backplane.com>
Tue, 10 Aug 2010 16:58:39 +0000 (09:58 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Tue, 10 Aug 2010 16:58:39 +0000 (09:58 -0700)
* Fix uninitialized fields which could cause kfree() to be called on
  junk data when a copyin error occurs.

* Minor cleanups.

Reported-by: swildner

sys/kern/sys_generic.c patch | blob | blame | history

diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index 40223eb..8d9786a 100644 (file)
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -677,11 +677,11 @@ mapped_ioctl(int fd, u_long com, caddr_t uspc_data, struct ioctl_map *map,
                goto done;
        }
 
-       memp = NULL;
        if (size > sizeof (ubuf.stkbuf)) {
                memp = kmalloc(size, M_IOCTLOPS, M_WAITOK);
                data = memp;
        } else {
+               memp = NULL;
                data = ubuf.stkbuf;
        }
        if ((com & IOC_IN) != 0) {
@@ -1138,6 +1138,10 @@ doselect(int nd, fd_set *read, fd_set *write, fd_set *except,
         */
        bytes = howmany(nd, __NFDBITS) * sizeof(__fd_mask);
 
+       /* kap->read_set = NULL; not needed */
+       kap->write_set = NULL;
+       kap->except_set = NULL;
+
        error = getbits(bytes, read, &kap->read_set, &read_tmp);
        if (error == 0)
                error = getbits(bytes, write, &kap->write_set, &write_tmp);
DragonFly Project GIT Source repo