Bug 9579 - Returning from a function with a pointer to a local variable on kernel/sysctl.c
Summary: Returning from a function with a pointer to a local variable on kernel/sysctl.c
Status: REJECTED INVALID
Alias: None
Product: Process Management
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: process_other
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-12-15 16:29 UTC by Marcio Buss
Modified: 2008-09-24 03:38 UTC
CC List: 3 users

See Also:
Kernel Version: 2.6.23
Subsystem:
Regression: ---
Bisected commit-id:


Description Marcio Buss 2007-12-15 16:29:56 UTC
In kernel/sysctl.c, the function "start_unregistering" defined at line 1261
returns with a pointer to deallocated stack memory:

(1) at line 1268 variable "wait" is declared (local scope)
(2) at line 1270 the statement "p->unregistering = &wait" establishes
    the pointer relation
(3) the local scope closes at line 1274 but the pointer relation
    persists after the function returns.
Comment 1 Oleg Nesterov 2007-12-16 07:14:55 UTC
> (3) the local scope closes at line 1274 but the pointer relation
>     persists after the function returns

I think this doesn't matter, we are going to kfree() this ctl_table_header,
and it was removed from root_table_header.ctl_entry.

IOW, nobody should use p, not just p->unregistering. 

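The pattern the report flags and the invariant Oleg relies on, as an added user-space model (example code written for this page, not the kernel's kernel/sysctl.c). The names start_unregistering, unregistering and wait come from the thread; the fields used and on_list, the reader-side unuse_table(), the single-threaded stand-in for wait_for_completion() and the demo driver are assumptions made for the illustration, and the NULL reset of p->unregistering after the wait is added hardening that neither the kernel code nor the thread requires. Together they show why a stack address stored into a heap object is a false positive here: the address is only ever read while the frame is live, and the object that holds it is freed and unreachable before the frame is gone.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the 2.6.23 sysctl unregistration handshake. Field and function
 * names follow kernel/sysctl.c where the thread mentions them; the bodies are
 * a single-threaded illustration, not the kernel's code. */
struct completion {
    bool done;
};

struct ctl_table_header {
    int used;                          /* readers currently inside this table (modeled) */
    struct completion *unregistering;  /* non-NULL only while start_unregistering() waits */
    bool on_list;                      /* models being linked into root_table_header.ctl_entry */
};

/* Reader side (modeled): the last user to leave signals a waiting unregisterer.
 * This is the only place that ever reads p->unregistering, and it runs while
 * start_unregistering() is still inside its wait, so the frame is live. */
static void unuse_table(struct ctl_table_header *p)
{
    if (--p->used == 0 && p->unregistering)
        p->unregistering->done = true;
}

/* Stand-in for wait_for_completion(): there is no scheduler in this model, so
 * the waiter drives the remaining readers out instead of sleeping. */
static void wait_for_completion(struct completion *wait, struct ctl_table_header *p)
{
    while (!wait->done)
        unuse_table(p);
}

/* The function the report is about. &wait is a stack address stored into a
 * heap object and is stale once this function returns. That is harmless only
 * under the invariant Oleg states: the caller unlinks and frees p and nothing
 * touches p afterwards. */
static void start_unregistering(struct ctl_table_header *p)
{
    if (p->used) {
        struct completion wait = { .done = false };

        p->unregistering = &wait;
        wait_for_completion(&wait, p);

        /* Added hardening (not in the kernel code, not required by the
         * thread): drop the stale stack address before the frame dies, so a
         * future invariant violation faults on NULL instead of reading
         * whatever later occupies this frame. */
        p->unregistering = NULL;
    }
    p->on_list = false;   /* list_del_init(&p->ctl_entry) */
}

/* Caller side of the invariant: the header is freed right after the wait and
 * the caller's pointer is cleared, so neither p nor p->unregistering stays
 * reachable (kfree() in the kernel). */
static void unregister_sysctl_table(struct ctl_table_header **pp)
{
    start_unregistering(*pp);
    free(*pp);
    *pp = NULL;
}

/* Drive one unregistration with `readers` active users. Returns true when the
 * table ends up drained, unlinked and without a stale completion pointer; the
 * checks run before the header is freed, never after. */
static bool demo_unregister(int readers)
{
    struct ctl_table_header *p = calloc(1, sizeof *p);
    bool ok;

    if (!p)
        return false;
    p->used = readers;
    p->on_list = true;

    start_unregistering(p);
    ok = p->used == 0 && !p->on_list && p->unregistering == NULL;

    free(p);   /* p is dead from here on, exactly as after kfree() */
    return ok;
}

int main(void)
{
    struct ctl_table_header *hdr = calloc(1, sizeof *hdr);

    if (!hdr)
        return 1;
    hdr->used = 2;
    hdr->on_list = true;
    unregister_sysctl_table(&hdr);
    printf("header freed and pointer cleared: %s\n", hdr == NULL ? "yes" : "no");
    printf("drain with 2 readers ok: %s\n", demo_unregister(2) ? "yes" : "no");
    return 0;
}
```

The point to check in a real review is not whether a stack address escapes (it clearly does) but whether any path reads it after the frame is gone; here the only reader is unuse_table(), which by construction runs before wait_for_completion() returns, and the header is freed by the caller immediately afterwards.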