Bug 9579
| Summary: | Returning from a function with a pointer to a local variable on kernel/sysctl.c | ||
|---|---|---|---|
| Product: | Process Management | Reporter: | Marcio Buss (marciobuss) |
| Component: | Other | Assignee: | process_other |
| Status: | REJECTED INVALID | ||
| Severity: | normal | CC: | akpm, ebiederm, oleg |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 2.6.23 | Subsystem: | |
| Regression: | --- | Bisected commit-id: | |
> (3) the local scope closes at line 1274 but the pointer relation
> persists after the function returns
I think this doesn't matter, we are going to kfree() this ctl_table_header,
and it was removed from root_table_header.ctl_entry.
IOW, nobody should use p, not just p->unregistering.
|
On kernel/sysctl.c, function "start_unregistering" defined at line 1261 returns with a pointer to a deallocated stack memory: (1) at line 1268 variable "wait" is declared (local scope) (2) at line 1270 the statement "p->unregistering = &wait" establishes the pointer relation (3) the local scope closes at line 1274 but the pointer relation persists after the function returns.