Uninitialized next pointer for pci device may crash kernel #25
Comments
Good point. I think that this line: Line 91 in d1a53ab
is useless because I think that instead of setting What do you think?
BTW, it's amazing how you are viewing this code at the same time I was. Today I've been precisely touching these PCI functions. 😃
Yes, initializing
I think there are still other bugs because
Hmm, looks to me like it should exit the while loop when it reaches the end of the list.
Thank you.
When a pci device structure is added to the new linked list implementation its `next` pointer may be uninitialized. It should be set to NULL. A new struct pci_device is initialized from a passed-in variable pci_dev:
Fiwix/drivers/pci/pci.c
Line 99 in d1a53ab
However, that structure is allocated on the stack in scan_bus so some members may be uninitialized:
Fiwix/drivers/pci/pci.c
Lines 112 to 117 in d1a53ab
If pci_dev has a non-NULL `next` pointer, the kernel may attempt to access that memory which may be invalid and may crash the kernel. Whether the crash is reproducible depends on the contents of stack memory, which depends on many factors, so I have no easy way of providing a test case that triggers the problem. It always crashes for me and setting `next` to NULL fixes it.