[Cluster-devel] kfree() of uninitialized pointer in dlm_ls_start (fs/dlm/member.c)
David Ramos
daramos at stanford.edu
Wed Feb 11 20:18:53 UTC 2015
Hello,
Our UC-KLEE tool found a kfree() of an uninitialized pointer bug in dlm_ls_start (fs/dlm/member.c).
The offending code is as follows:
677: struct dlm_config_node *nodes;
...
684: error = dlm_config_nodes(ls->ls_name, &nodes, &count);
685: if (error < 0)
686: goto fail;
...
717: fail:
718: kfree(rv);
719: kfree(nodes);
If the call to dlm_config_nodes() on line 684 fails, ‘nodes’ remains uninitialized, and it is then passed to kfree() on line 718.
Please let me know if you have any questions.
Thanks,
-David
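The pattern in the report, shown as an added userspace model rather than the dlm code itself: a shared `fail:` label frees every pointer the function may have acquired, so any pointer that is not yet assigned when the first `goto fail` fires must already be NULL (kfree(NULL) is a no-op, as is free(NULL) here). The `model_` names, the `lockspace` struct and the failure flag are assumptions for illustration; the stand-in for dlm_config_nodes() deliberately leaves `*nodes_out` untouched on failure, which is the case the report describes.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not fs/dlm code. All "model_" names are illustrative. */
struct config_node { int nodeid; };
struct lockspace { struct config_node *nodes; int count; int *recover_args; };

/* Outstanding allocations: lets a scenario prove the error path frees
 * exactly what it owns and nothing else. */
static int live_allocs = 0;

static void *model_kzalloc(size_t n)
{
    void *p = calloc(1, n);
    if (p)
        live_allocs++;
    return p;
}

/* Mirrors kfree(): NULL is a no-op; anything else must be a live
 * allocation, so an uninitialised stack value here would be undefined. */
static void model_kfree(void *p)
{
    if (p) {
        free(p);
        live_allocs--;
    }
}

/* Stand-in for dlm_config_nodes(): on failure it returns before touching
 * *nodes_out, which is what makes the caller's initialisation matter. */
static int model_config_nodes(int fail, struct config_node **nodes_out, int *count_out)
{
    struct config_node *nodes;
    int i;

    if (fail)
        return -ENOENT;              /* *nodes_out deliberately untouched */
    nodes = model_kzalloc(3 * sizeof(*nodes));
    if (!nodes)
        return -ENOMEM;
    for (i = 0; i < 3; i++)
        nodes[i].nodeid = i + 1;     /* constructed sample data */
    *nodes_out = nodes;
    *count_out = 3;
    return 0;
}

/* Hardened shape: "nodes" is NULL before the first call that can jump to
 * fail:, so the unconditional kfree there is safe. Drop the "= NULL" and
 * a failing config lookup frees whatever the stack slot happened to hold. */
static int model_ls_start(struct lockspace *ls, int fail_config)
{
    struct config_node *nodes = NULL;
    int *rv;
    int count = 0, error;

    rv = model_kzalloc(sizeof(*rv));
    if (!rv)
        return -ENOMEM;

    error = model_config_nodes(fail_config, &nodes, &count);
    if (error < 0)
        goto fail;

    /* Success: ownership of both buffers moves to the lockspace. */
    ls->nodes = nodes;
    ls->count = count;
    ls->recover_args = rv;
    return 0;

fail:
    model_kfree(rv);
    model_kfree(nodes);              /* still NULL when the lookup failed */
    return error;
}

static void model_ls_release(struct lockspace *ls)
{
    model_kfree(ls->nodes);
    model_kfree(ls->recover_args);
    ls->nodes = NULL;
    ls->recover_args = NULL;
    ls->count = 0;
}

/* Scenario checks; each returns 1 when the behaviour is as intended. */
static int scenario_config_fails(void)
{
    struct lockspace ls = { 0 };
    int err = model_ls_start(&ls, 1);
    return err == -ENOENT && live_allocs == 0 && ls.nodes == NULL;
}

static int scenario_success(void)
{
    struct lockspace ls = { 0 };
    int err = model_ls_start(&ls, 0);
    int ok = err == 0 && ls.count == 3 && live_allocs == 2 && ls.nodes[2].nodeid == 3;
    model_ls_release(&ls);
    return ok && live_allocs == 0;
}

int main(void)
{
    printf("config failure path clean: %d\n", scenario_config_fails());
    printf("success path clean:        %d\n", scenario_success());
    return 0;
}
```

The alternative remedy, equally valid, is a second label (for example `fail_rv:`) so that each early exit only frees what was acquired before it; the NULL initialisation is the smaller patch and is the one most kernel error paths built on a single label rely on.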