author Julia Lawall <Julia.Lawall@lip6.fr> 2012-07-09 09:27:14 +0200
committer Artem Bityutskiy <artem.bityutskiy@linux.intel.com> 2012-07-20 10:27:25 +0300
commit 7074e5eb233343e4bad8c0a3f9e73167cf85a159
tree 0910c11994429ac78cc55fdbc2f217b630280dd4 /drivers/target/target_core_iblock.h
parent UBIFS: simplify reply code a bit
UBIFS: remove invalid reference to list iterator variable
If list_for_each_entry, etc complete a traversal of the list, the iterator
variable ends up pointing to an address at an offset from the list head,
and not a meaningful structure. Thus this value should not be used after
the end of the iterator. Replace a field access from orphan by NULL in two
places.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
identifier c;
expression E;
iterator name list_for_each_entry;
statement S;
@@

list_for_each_entry(c,...) { ... when != break;
                                 when forall
                                 when strict
}
...
(
c = E
|
*c
)
// </smpl>

Artem: fortunately, this did not cause any issues because we iterate the
orphan list using the elements count, so we never dereferenced the corrupted
pointer. This is why I do not send this patch to -stable. But otherwise -
well spotted!

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
Diffstat (limited to 'drivers/target/target_core_iblock.h')
0 files changed, 0 insertions, 0 deletions
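
The iterator behaviour described in the commit message above, as an added example that is not code from the kernel tree or from this commit. The list helpers are simplified user-space stand-ins for the kernel macros, and `struct orphan`, `orph_list`, `iterator_aliases_head` and `find_orphan` are hypothetical names with constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space stand-ins for the kernel's <linux/list.h> helpers. */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member)                        \
    for (pos = container_of((head)->next, __typeof__(*pos), member);  \
         &pos->member != (head);                                      \
         pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Hypothetical element type and constructed sample data. */
struct orphan { unsigned long inum; struct list_head list; };
static struct list_head orph_list;
static struct orphan o1 = { .inum = 10 }, o2 = { .inum = 20 };

static void build_list(void) {  /* orph_list -> o1 -> o2 -> orph_list */
    orph_list.next = &o1.list;  o1.list.prev = &orph_list;
    o1.list.next = &o2.list;    o2.list.prev = &o1.list;
    o2.list.next = &orph_list;  orph_list.prev = &o2.list;
}

/* Full traversal with no break: returns 1 if the iterator left behind is
 * just the list head minus the member offset, i.e. not a struct orphan. */
static int iterator_aliases_head(void) {
    struct orphan *o;
    build_list();
    list_for_each_entry(o, &orph_list, list)
        ;
    return (char *)o == (char *)&orph_list - offsetof(struct orphan, list)
           && o != &o1 && o != &o2;
}

/* Safe pattern: the result lives in its own pointer, NULL when not found. */
static struct orphan *find_orphan(unsigned long inum) {
    struct orphan *o, *found = NULL;
    build_list();
    list_for_each_entry(o, &orph_list, list)
        if (o->inum == inum) { found = o; break; }
    return found;
}

int main(void) {
    printf("aliases head: %d\n", iterator_aliases_head());
    printf("find(20): %p  find(99): %p\n", (void *)find_orphan(20), (void *)find_orphan(99));
    return 0;
}
```

After a loop that can run to completion, test the separate `found` pointer and never the iterator itself, since the iterator is non-NULL even when nothing matched.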