From: | Vladimir 'φ-coder/phcoder' Serbinenko |
Subject: | Re: gazillon of double-free |
Date: | Thu, 09 Sep 2010 01:44:08 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux mips64; en-US; rv:1.9.1.11) Gecko/20100805 Icedove/3.0.6 |
On 09/09/10 01:20, Robert Millan wrote:
> It seems we have a ton of double-free bugs in label() and uuid() routines.
> Take for example grub_ext2_label():
>
>   data = grub_ext2_mount (disk);
>
>   if (data)
>     *label = grub_strndup (data->sblock.volume_name, 14);
>   else
>     *label = NULL;
>
>   grub_free (data);
>
> If grub_ext2_mount fails, data is not allocated but we free it anyway.
>
> Or perhaps I'm missing something? (it's late here, I need some sleep)
grub_free (NULL) is a no-op on purpose:

/* Deallocate the pointer PTR. */
void
grub_free (void *ptr)
{
  grub_mm_header_t p;
  grub_mm_region_t r;

  if (! ptr)
    return;

--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
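The pattern discussed in this thread, as an added example that is not part of the original messages and is not GRUB code: a tracking allocator shows that the unconditional free in a label-style routine releases nothing when the mount step returned NULL, while a free of a pointer that is not live is recorded. All `toy_*` names, the table size and the volume name "rootfs" are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins for illustration; none of these names are GRUB's. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];      /* pointers currently allocated */
static int real_frees, bad_frees; /* released blocks / frees of non-live pointers */

static void *toy_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                      /* table full, or malloc failed (free(NULL) is fine) */
    return NULL;
}

/* Same contract as the grub_free() quoted above: a NULL argument is a no-op. */
static void toy_free(void *ptr) {
    if (!ptr)
        return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == ptr) { live[i] = NULL; free(ptr); real_frees++; return; }
    bad_frees++;                  /* not live: record it and leave the heap alone */
}

struct toy_data { char volume_name[16]; };
/* Returns NULL on failure, like the mount routine in the thread. */
static struct toy_data *toy_mount(int disk_ok) {
    struct toy_data *d = disk_ok ? toy_alloc(sizeof *d) : NULL;
    if (d) { memset(d, 0, sizeof *d); memcpy(d->volume_name, "rootfs", 6); }
    return d;
}

/* Shape of the label routine under discussion: data is freed unconditionally. */
static char *toy_label(int disk_ok) {
    struct toy_data *data = toy_mount(disk_ok);
    char *label = NULL;
    if (data && (label = toy_alloc(15)) != NULL) {
        memcpy(label, data->volume_name, 14);
        label[14] = '\0';
    }
    toy_free(data);               /* NULL when the mount failed: nothing happens */
    return label;
}

int main(void) {
    char *fail = toy_label(0), *ok = toy_label(1);
    int pass = !fail && ok && real_frees == 1 && bad_frees == 0;
    toy_free(ok);
    return pass ? 0 : 1;
}
```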