linux-kernel.vger.kernel.org archive mirror
* [PATCH linux-next] ipc: fix local variable initialization in compat_do_msg_fill()
@ 2012-04-19 12:21 Konstantin Khlebnikov
  2012-04-19 13:00 ` Konstantin Khlebnikov
  0 siblings, 1 reply; 2+ messages in thread
From: Konstantin Khlebnikov @ 2012-04-19 12:21 UTC
  To: linux-kernel
  Cc: Stanislav Kinsbursky, Arnd Bergmann, Pavel Emelyanov,
	Chris Metcalf, Lucas De Marchi, Cyrill Gorcunov, Andrew Morton

The "msgp" must point to the userspace buffer.

fix for linux-next commit 774d0252d303969a7281eefd6eaccde50bb6eb6e
("c/r: ipc: message queue receive cleanup")

Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>
Cc: Lucas De Marchi <lucas.de.marchi@gmail.com>
Cc: Chris Metcalf <cmetcalf@tilera.com>
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
---
 ipc/compat.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipc/compat.c b/ipc/compat.c
index 6da376b..0c2ebd0 100644
--- a/ipc/compat.c
+++ b/ipc/compat.c
@@ -363,7 +363,7 @@ static long compat_do_msg_steal(void __user *dest, struct msg_msg *msg, size_t b
 
 long compat_do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz)
 {
-	struct compat_msgbuf __user *msgp;
+	struct compat_msgbuf __user *msgp = dest;
 	size_t msgsz;
 
 	if (put_user(msg->m_type, &msgp->mtype))
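
Review bot: the changelog does not say what goes wrong without the initializer on the `msgp` declaration in compat_do_msg_fill(). The unchanged `put_user(msg->m_type, &msgp->mtype)` three lines below writes through `msgp`, so before this change the destination address was whatever the uninitialized local held rather than `dest`. Spelling that out in the commit message, instead of only "must point to the userspace buffer", lets anyone triaging linux-next judge the impact of 774d0252d303. The assignment itself needs no cast: `dest` is `void __user *`, so the conversion is implicit and the `__user` annotation carries over.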



* Re: [PATCH linux-next] ipc: fix local variable initialization in compat_do_msg_fill()
  2012-04-19 12:21 [PATCH linux-next] ipc: fix local variable initialization in compat_do_msg_fill() Konstantin Khlebnikov
@ 2012-04-19 13:00 ` Konstantin Khlebnikov
  0 siblings, 0 replies; 2+ messages in thread
From: Konstantin Khlebnikov @ 2012-04-19 13:00 UTC
  To: linux-kernel
  Cc: Stanislav Kinsbursky, Arnd Bergmann, Pavel Emelianov,
	Chris Metcalf, Lucas De Marchi, Cyrill Gorcunov, Andrew Morton

Konstantin Khlebnikov wrote:
> The "msgp" must point to the userspace buffer.
>
> fix for linux-next commit 774d0252d303969a7281eefd6eaccde50bb6eb6e
> ("c/r: ipc: message queue receive cleanup")

Oops, Dan Carpenter had caught this several days before me:
[patch] c/r: ipc: uninitialized variable in compat_do_msg_fill()

>
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
> Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>
> Cc: Lucas De Marchi <lucas.de.marchi@gmail.com>
> Cc: Chris Metcalf <cmetcalf@tilera.com>
> Cc: Cyrill Gorcunov <gorcunov@openvz.org>
> Cc: Pavel Emelyanov <xemul@parallels.com>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> ---
>   ipc/compat.c |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ipc/compat.c b/ipc/compat.c
> index 6da376b..0c2ebd0 100644
> --- a/ipc/compat.c
> +++ b/ipc/compat.c
> @@ -363,7 +363,7 @@ static long compat_do_msg_steal(void __user *dest, struct msg_msg *msg, size_t b
>
>   long compat_do_msg_fill(void __user *dest, struct msg_msg *msg, size_t bufsz)
>   {
> -	struct compat_msgbuf __user *msgp;
> +	struct compat_msgbuf __user *msgp = dest;
>   	size_t msgsz;
>
>   	if (put_user(msg->m_type,&msgp->mtype))
>
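
Review bot: this one-line change to the `msgp` declaration duplicates a fix that, per the reply above, was already posted as "[patch] c/r: ipc: uninitialized variable in compat_do_msg_fill()", so it should be withdrawn rather than applied alongside it. Before dropping it, confirm that the earlier patch also sets `msgp` from `dest` ahead of the `put_user(msg->m_type, &msgp->mtype)` call, since that is the first use of the pointer in this function.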

