| commit | 4c982e9d3c6827afb529c7c7ce7fbe987eac24c6 | |
| author | Xi Wang <xi.wang@gmail.com> | |
| Fri, 1 Jun 2012 16:22:00 +0000 (1 12:22 -0400) | ||
| committer | Christopher Li <sparse@chrisli.org> | |
| Mon, 4 Jun 2012 22:36:31 +0000 (4 15:36 -0700) | ||
| tree | 8d2366a1a2d97e2db8b658d339d8661b2377785f | treesnapshot (tar.gz zip) |
| parent | 970d7169d75068146152ba01a66381c800dbeb71 | commitdiff |
compile-i386: fix use-after-free in func_cleanup()
compile-i386 sometimes crashes due a use-after-free error. Since
f->pseudo_list is freed first, which invalidates some atom->op* in
f->atom_list. Further checks like `atom->op1->flags & STOR_WANTS_FREE'
will read garbage, which may lead to a double free.
This patch switches the cleanup order and frees f->atom_list first.
Those marked as STOR_WANTS_FREE won't appear in f->pseudo_list.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Christopher Li <sparse@chrisli.org>
Reviewed-by: Pekka Enberg <penberg@kernel.org>
compile-i386 sometimes crashes due a use-after-free error. Since
f->pseudo_list is freed first, which invalidates some atom->op* in
f->atom_list. Further checks like `atom->op1->flags & STOR_WANTS_FREE'
will read garbage, which may lead to a double free.
This patch switches the cleanup order and frees f->atom_list first.
Those marked as STOR_WANTS_FREE won't appear in f->pseudo_list.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Christopher Li <sparse@chrisli.org>
Reviewed-by: Pekka Enberg <penberg@kernel.org>
| compile-i386.c | diffblobblamehistory |