2 messages in org.kernel.vger.kernel-janitors: Re: [PATCH 2/3] net/rfkill/core.c: Av...
From, Sent On:
Julia Lawall, May 13, 2011 6:52 am
Johannes Berg, May 13, 2011 6:55 am
Subject: Re: [PATCH 2/3] net/rfkill/core.c: Avoid leaving freed data in a list
From: Johannes Berg (
Date: May 13, 2011 6:55:12 am

On Fri, 2011-05-13 at 15:52 +0200, Julia Lawall wrote:

The list_for_each_entry loop can fail, in which case the list element is not removed from the list rfkill_fds. Since this list is not accessed by the loop, the addition of &data->list into the list is just moved after the loop.

The semantic match that finds this problem is as follows: (

// <smpl>
@@
expression E,E1,E2;
identifier l;
@@

*list_add(&E->l,E1);
... when != E1
    when != list_del(&E->l)
    when != list_del_init(&E->l)
    when != E = E2
*kfree(E);
// </smpl>

Looks right to me, thanks!
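
The ordering problem described in the quoted patch message, as an added userspace C model that is not code from the patch or from net/rfkill/core.c. The names `fd_data`, `fill_events`, `open_linked_first` and `open_linked_last` are hypothetical, and the list helpers are minimal stand-ins for the kernel's.

```c
#include <stdio.h>
#include <stdlib.h>
/* Minimal userspace stand-ins for the kernel's list helpers (assumption). */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}
static int list_empty(const struct list_head *h) { return h->next == h; }
struct fd_data { struct list_head list; int events; };  /* hypothetical */

/* Hypothetical fallible step standing in for the loop that can fail. */
static int fill_events(struct fd_data *d, int fail) {
    d->events = !fail;
    return fail ? -1 : 0;
}

/* Flagged pattern: list_add(), a failure, then free with no list_del().
 * Returns 1 if the element was still linked at the moment it was freed. */
static int open_linked_first(struct list_head *fds, int fail) {
    struct fd_data *d = calloc(1, sizeof(*d));
    if (!d) return 0;
    list_add(&d->list, fds);
    if (fill_events(d, fail) < 0) {
        int still_linked = !list_empty(fds);  /* checked before the free */
        free(d);
        list_init(fds);  /* model only: reset so nothing walks freed memory */
        return still_linked;
    }
    return 0;
}

/* Ordering after the fix: link only once the fallible step has succeeded. */
static int open_linked_last(struct list_head *fds, int fail) {
    struct fd_data *d = calloc(1, sizeof(*d));
    if (!d) return 0;
    if (fill_events(d, fail) < 0) {
        free(d);  /* never linked, so the list holds no reference to it */
        return 0;
    }
    list_add(&d->list, fds);
    return 0;
}

int main(void) {
    struct list_head a = { &a, &a }, b = { &b, &b };
    printf("first: %d last: %d\n", open_linked_first(&a, 1), open_linked_last(&b, 1));
    return 0;
}
```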