review.tizen.org Git - platform/kernel/linux-amlogic.git/commit

author	Tomas Bortoli <tomasbortoli@gmail.com>
	Mon, 9 Jul 2018 22:29:43 +0000 (00:29 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 9 Sep 2018 18:01:20 +0000 (20:01 +0200)
commit	c53310d06c6ad74a0bd72883e07fe837ef840111
tree	0232c68c47149ea7897cdf58f7454412fe2ec96e	tree \| snapshot
parent	b69ef7c90e84135347f824f7a670b622f7a87989	commit \| diff

net/9p/client.c: version pointer uninitialized

commit 7913690dcc5e18e235769fd87c34143072f5dbea upstream.

The p9_client_version() does not initialize the version pointer. If the
call to p9pdu_readf() returns an error and version has not been allocated
in p9pdu_readf(), then the program will jump to the "error" label and will
try to free the version pointer. If version is not initialized, free()
will be called with uninitialized, garbage data and will provoke a crash.

Link: http://lkml.kernel.org/r/20180709222943.19503-1-tomasbortoli@gmail.com
Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+65c6b72f284a39d416b4@syzkaller.appspotmail.com
Reviewed-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>