1. 30 Mar, 2010 1 commit
    • Julia Lawall's avatar
      drivers/serial/sunsu.c: Correct use after free · c4a3987f
      Julia Lawall authored
      The of_iounmap is at the out_unmap label, but at that point up has already
      been freed.  The free cannot be moved to the out_unmap label, because that
      label is reachable from cases where up should not be freed.  So the call to
      of_iounmap is just duplicated, and the goto converted to a return.
      
      A simplified version of the semantic match that finds this problem is as
      follows: (http://coccinelle.lip6.fr/)
      
      // <smpl>
      @@
      expression x,e;
      identifier f;
      iterator I;
      statement S;
      @@
      
      *kfree(x);
      ... when != &x
          when != x = e
          when != I(x,...) S
      *x->f
      // </smpl>
      Signed-off-by: default avatarJulia Lawall <julia@diku.dk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c4a3987f
  2. 29 Mar, 2010 1 commit
  3. 28 Mar, 2010 1 commit
  4. 27 Mar, 2010 1 commit
  5. 16 Mar, 2010 3 commits
  6. 14 Mar, 2010 1 commit
  7. 08 Mar, 2010 1 commit
  8. 03 Mar, 2010 4 commits
  9. 02 Mar, 2010 12 commits
  10. 01 Mar, 2010 15 commits