grub-devel

Re: gazillon of double-free


From: Vladimir 'φ-coder/phcoder' Serbinenko
Subject: Re: gazillon of double-free
Date: Thu, 09 Sep 2010 01:44:08 +0200
User-agent: Mozilla/5.0 (X11; U; Linux mips64; en-US; rv:1.9.1.11) Gecko/20100805 Icedove/3.0.6

On 09/09/10 01:20, Robert Millan wrote:
> It seems we have a ton of double-free bugs in label() and
> uuid() routines.
>
> Take for example grub_ext2_label():
>
>    data = grub_ext2_mount (disk);
>    if (data)
>      *label = grub_strndup (data->sblock.volume_name, 14);
>    else
>      *label = NULL;
>    grub_free (data);
>
> If grub_ext2_mount fails, data is not allocated but we free it anyway.
>
> Or perhaps I'm missing something? (it's late here, I need some sleep)

grub_free (NULL) is a no-op on purpose:
/* Deallocate the pointer PTR.  */
void
grub_free (void *ptr)
{
  grub_mm_header_t p;
  grub_mm_region_t r;

  if (! ptr)
    return;



--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
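
Added example, not part of the thread and not GRUB code: a toy tracked allocator that runs the quoted label pattern on both paths, showing that the failed-mount path only reaches the NULL guard, and what a real double free (the same non-NULL pointer released twice) looks like to the tracker. All demo_* names, the slot pool and the "rootfs" label are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins for this example; none of this is GRUB code. */
struct demo_data { char volume_name[16]; };
enum { SLOTS = 8, SLOT_SIZE = 32 };
static char pool[SLOTS][SLOT_SIZE];
static enum { UNUSED, LIVE, FREED } state[SLOTS];
static int null_frees, real_frees, double_frees;

/* Freed slots are never reused, so a second free stays detectable. */
static void *demo_alloc(void) {
  for (int i = 0; i < SLOTS; i++)
    if (state[i] == UNUSED) {
      state[i] = LIVE;
      return memset(pool[i], 0, SLOT_SIZE);
    }
  return NULL;
}

/* Same guard as the quoted grub_free: NULL returns before any heap work. */
static void demo_free(void *ptr) {
  if (!ptr) { null_frees++; return; }
  int i = (int)(((char *)ptr - &pool[0][0]) / SLOT_SIZE);
  if (state[i] == LIVE) { state[i] = FREED; real_frees++; }
  else double_frees++;            /* same non-NULL pointer freed twice */
}

static struct demo_data *demo_mount(int ok) {
  struct demo_data *d = ok ? demo_alloc() : NULL; /* failure allocates nothing */
  if (d) strcpy(d->volume_name, "rootfs");        /* constructed sample label */
  return d;
}

/* Same shape as the grub_ext2_label() excerpt: one free on both paths. */
static void demo_label(int ok, char **label) {
  struct demo_data *data = demo_mount(ok);
  *label = data ? demo_alloc() : NULL;
  if (*label) memcpy(*label, data->volume_name, 14);
  demo_free(data);
}

int main(void) {
  char *l;
  demo_label(0, &l);              /* failed mount: only demo_free(NULL) runs */
  demo_label(1, &l);              /* success: data is freed exactly once */
  demo_free(l); demo_free(l);     /* caller bug: a real double free */
  printf("null=%d real=%d double=%d\n", null_frees, real_frees, double_frees);
  return 0;
}
```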



