Date: Fri, 24 Oct 2008 11:31:56 GMT From: Mateusz Guzik <mjguzik@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/128335: [patch][cpufreq] Missing call to sbuf_delete() in two sysctl handlers Message-ID: <200810241131.m9OBVujn051028@www.freebsd.org> Resent-Message-ID: <200810241140.m9OBe150034285@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 128335 >Category: kern >Synopsis: [patch][cpufreq] Missing call to sbuf_delete() in two sysctl handlers >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Oct 24 11:40:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Mateusz Guzik >Release: 8.0-CURRENT >Organization: >Environment: FreeBSD eternal 8.0-CURRENT FreeBSD 8.0-CURRENT #14: Mon Sep 15 17:38:51 CEST 2008 f@eternal:/usr/obj/srv/build/CURRENT/src/sys/ETERNAL i386 >Description: cpufreq_levels_sysctl and cpufreq_settings_sysctl do the following: sbuf_new(&sb, NULL, 128, SBUF_AUTOEXTEND); [..] sets = malloc(set_count * sizeof(*sets), M_TEMP, M_NOWAIT); if (sets == NULL) return (ENOMEM); So it's possible that these function will return without freeing sb. >How-To-Repeat: >Fix: Patch is attached. Patch attached with submission follows: --- sys/kern/kern_cpu.c.orig 2008-10-23 22:59:45.000000000 +0200 +++ sys/kern/kern_cpu.c 2008-10-23 23:00:57.000000000 +0200 @@ -919,8 +919,10 @@ /* Get settings from the device and generate the output string. */ count = CF_MAX_LEVELS; levels = malloc(count * sizeof(*levels), M_TEMP, M_NOWAIT); - if (levels == NULL) + if (levels == NULL) { + sbuf_delete(&sb); return (ENOMEM); + } error = CPUFREQ_LEVELS(sc->dev, levels, &count); if (error) { if (error == E2BIG) @@ -958,8 +960,10 @@ /* Get settings from the device and generate the output string. */ set_count = MAX_SETTINGS; sets = malloc(set_count * sizeof(*sets), M_TEMP, M_NOWAIT); - if (sets == NULL) + if (sets == NULL) { + sbuf_delete(&sb); return (ENOMEM); + } error = CPUFREQ_DRV_SETTINGS(dev, sets, &set_count); if (error) goto out; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810241131.m9OBVujn051028>