* [BUG]drivers: usb: serial: mos7840.c: dangling pointer in function mos7840_open
@ 2021-08-01 9:03 nil Yi
2021-08-01 12:15 ` Greg KH
0 siblings, 1 reply; 4+ messages in thread
From: nil Yi @ 2021-08-01 9:03 UTC (permalink / raw)
To: johan, linux-usb
Hi, there is a dangling pointer in mos7840_port->write_urb_pool[j] in function
mos7840_open in v5.14-rc3.
in function mos7840_open err path :
717: err:
718: for (j = 0; j < NUM_URBS; ++j) {
719: urb = mos7840_port->write_urb_pool[j];
720: if (!urb)
721: continue;
722: kfree(urb->transfer_buffer);
723: usb_free_urb(urb);
}
leave a dangling pointer here, I'm not sure whether it can be
triggered somewhere.
Any feedback would be appreciated, thanks :)
Best wishes,
Nil Yi
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [BUG]drivers: usb: serial: mos7840.c: dangling pointer in function mos7840_open
2021-08-01 9:03 [BUG]drivers: usb: serial: mos7840.c: dangling pointer in function mos7840_open nil Yi
@ 2021-08-01 12:15 ` Greg KH
2021-08-07 3:45 ` nil Yi
0 siblings, 1 reply; 4+ messages in thread
From: Greg KH @ 2021-08-01 12:15 UTC (permalink / raw)
To: nil Yi; +Cc: johan, linux-usb
On Sun, Aug 01, 2021 at 05:03:30PM +0800, nil Yi wrote:
> Hi, there is a dangling pointer in mos7840_port->write_urb_pool[j] in function
> mos7840_open in v5.14-rc3.
>
> in function mos7840_open err path :
>
> 717: err:
> 718: for (j = 0; j < NUM_URBS; ++j) {
> 719: urb = mos7840_port->write_urb_pool[j];
> 720: if (!urb)
> 721: continue;
> 722: kfree(urb->transfer_buffer);
> 723: usb_free_urb(urb);
> }
>
> leave a dangling pointer here, I'm not sure whether it can be
> triggered somewhere.
What exactly do you mean by "dangling pointer"? What specifically is
the bug here?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [BUG]drivers: usb: serial: mos7840.c: dangling pointer in function mos7840_open
2021-08-01 12:15 ` Greg KH
@ 2021-08-07 3:45 ` nil Yi
2021-08-07 5:20 ` Greg KH
0 siblings, 1 reply; 4+ messages in thread
From: nil Yi @ 2021-08-07 3:45 UTC (permalink / raw)
To: Greg KH; +Cc: johan, linux-usb
Sorry for the ambiguous description. I mean after usb_free_urb(urb) at line 723,
do we need set NULL to mos7840_port->write_urb_pool[j], otherwise the
freed urb pointer
may be used somewhere?
Sorry for the non-specfic comment again.
thanks,
Nil Yi
Greg KH <gregkh@linuxfoundation.org> 于2021年8月1日周日 下午8:15写道:
>
> On Sun, Aug 01, 2021 at 05:03:30PM +0800, nil Yi wrote:
> > Hi, there is a dangling pointer in mos7840_port->write_urb_pool[j] in function
> > mos7840_open in v5.14-rc3.
> >
> > in function mos7840_open err path :
> >
> > 717: err:
> > 718: for (j = 0; j < NUM_URBS; ++j) {
> > 719: urb = mos7840_port->write_urb_pool[j];
> > 720: if (!urb)
> > 721: continue;
> > 722: kfree(urb->transfer_buffer);
> > 723: usb_free_urb(urb);
> > }
> >
> > leave a dangling pointer here, I'm not sure whether it can be
> > triggered somewhere.
>
> What exactly do you mean by "dangling pointer"? What specifically is
> the bug here?
>
> thanks,
>
> greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [BUG]drivers: usb: serial: mos7840.c: dangling pointer in function mos7840_open
2021-08-07 3:45 ` nil Yi
@ 2021-08-07 5:20 ` Greg KH
0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2021-08-07 5:20 UTC (permalink / raw)
To: nil Yi; +Cc: johan, linux-usb
A: http://en.wikipedia.org/wiki/Top_post
Q: Were do I find info about this thing called top-posting?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
A: No.
Q: Should I include quotations after my reply?
http://daringfireball.net/2007/07/on_top
On Sat, Aug 07, 2021 at 11:45:54AM +0800, nil Yi wrote:
> Sorry for the ambiguous description. I mean after usb_free_urb(urb) at line 723,
> do we need set NULL to mos7840_port->write_urb_pool[j], otherwise the
> freed urb pointer
> may be used somewhere?
How exactly could it be "used somewhere"? I do not understand the
problem that you are trying to point out here. Perhaps you could make a
patch to show how you think it needs to be fixed?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-08-07 5:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-01 9:03 [BUG]drivers: usb: serial: mos7840.c: dangling pointer in function mos7840_open nil Yi
2021-08-01 12:15 ` Greg KH
2021-08-07 3:45 ` nil Yi
2021-08-07 5:20 ` Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).