paste02-talk

Start freed freeitx ify freeitx ify

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: freeit(x); if(y) freeit(x); if(y) } … { v:z.freed } { v:z.start->freed } foo(int *x) { freeit(y); *y { v:z.freed } { v:z.freed } kfree(z); } bar(int *y) { foo(int *x) { … bar(int *y) { { v:z.freed } { v:z.freed } { v:z.freed } freeit(y); *y … { v:z.freed } } { v:z.freed } *x *x ERROR: use after free! } } … { v:z.freed } … } … { v:z.start->freed } } ERROR: use after free! } 5 4 ) * ? )9& freeit(int *z) { kfree(z); & 7 89 (: ; ; <-9 : ; =+ ; ''- { v:z.start->freed } , % } foo(int *x) { freeit(x); if(y) … '. ' bar(int *y) { { v:z.freed } { v:y.freed } freeit(y); *y } { v:z.freed } … { v:z.freed } ! , "/ ! (0 0 *+ '0 ) ) 8 > <: = ; / { v:z.freed } ) *x '1 ERROR: use after free! ( " , +( 8 9 <: = ; ! / / } 1# " 3+ @ +9 ) +A 7 . B ) ) / 8 '3 ," " / ) ,< < ,( ' " =" ,) ' "=",) ' "=",) ,( ',) :,; ' < ,) + % . '1 '4 ' ! #25 / 78 9 ! #2 " 26 B * ) /* 2.4.9/drivers/isdn/act2000/capi.c:actcapi_dispatch */ isdn_ctrl cmd; ... while (( skb = skb_dequeue(&card->rcvq))) { msg = skb->data; ... memcpy(cmd.parm.setup.phone,msg->msg.connect_ind.addr.num , msg->msg.connect_ind.addr.len - 1); ) 2 3 #2 ) * & + /* 2.4.9-ac7/fs/intermezzo/psdev.c */ error = copy_from_user(&input , (char *)arg, sizeof(input)); input.path = kmalloc(input .path_len + 1, GFP_KERNEL); if ( !input.path ) return -ENOMEM; error =copy_from_user( input.path ,user_path, input.path_len); "6 5. > D C - * 7 ) - '> 4 7 ? 1 9 D E , 4 1 7 0 , 0 #@ # 5 6A #B #C #6 #B 5 [email protected] # #25 5 2 #$C #F #2 26 GA5$$ 78 9 7 0 AA 22 BB $$ $$ #2 #2 #2 $ $ 6 5C 6 ) '9 'D '...
View Full Document

{[ snackBarMessage ]}

Ask a homework question - tutors are online