some bugs in the kernel
Andrey Simonenko
simon at comsys.ntu-kpi.kiev.ua
Wed Mar 16 07:08:12 PST 2005
On Mon, Mar 14, 2005 at 01:25:21PM -0800, Ted Unangst wrote:
>
> NULL pointer dereference
> File: usr/home/tedu/src/sys/pci/if_ti.c
> Function: ti_setmulti
> malloc return at 1628 is not checked against NULL.
Similar errors (lines numbers from 5.3-RELEASE):
i386/i386/bios.c
516 devnodebuf = malloc(bigdev + (sizeof(struct pnp_sysdevargs) - sizeof(struct pnp_sysdev)),
517 M_DEVBUF, M_NOWAIT);
pci/if_dc.c
1443 m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
1482 m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
1498 m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
1517 sc->dc_srom = malloc(size, M_DEVBUF, M_NOWAIT);
1717 sc->dc_pnic_rx_buf = malloc(DC_RXLEN * 5, M_DEVBUF, M_NOWAIT);
pci/if_sk.c
435 sc->sk_vpd_prodname = malloc(res.vr_len + 1, M_DEVBUF, M_NOWAIT);
447 sc->sk_vpd_readonly = malloc(res.vr_len, M_DEVBUF, M_NOWAIT);
1412 port = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);
1417 port = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);
More information about the freebsd-hackers
mailing list