Hello!

I'm Philip, from Professor Dawson Engler's Meta-Compilation Group at Stanford University. There is a bug in zr36120.c of not freeing memory on error paths. This one is particularly dangerous, because kmalloc allocates a memory block the size of a memory clip! I simply free the local pointer, vcp, before returning -EFAULT.

Warmly,
Philip

linux/2.4.4/drivers/media/video/zr36120.c Fri Mar 2 11:12:10 2001 +++ zr36120.c Mon May 21 13:26:17 2001 @@ -1195,8 +1195,10 @@ if (vcp==NULL) return -ENOMEM; if (vw.clipcount && copy_from_user(vcp,vw.clips,sizeof(struct video_clip)*vw.clipcount)) - return -EFAULT; - + { + vfree(vcp); + return -EFAULT; + } on = ztv->running; if (on) zoran_cap(ztv, 0);
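
Review bot: the added `vfree(vcp);` does not match the allocator named in the description, which says the buffer comes from kmalloc. The allocation call is outside the hunk's context, so only the `if (vcp==NULL)` check is visible. Please confirm which allocator produces vcp and make the free match it (vfree for a vmalloc buffer, kfree for a kmalloc one), then correct whichever of the message or the patch is wrong. As a style point, the new block puts its opening brace on a line of its own after the `copy_from_user(...)` condition. Kernel style keeps it on the same line as the condition, and the blank line removed before `on = ztv->running;` could stay.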