[CRIU] [PATCH 1/3] cg: Fix use-after-free in put_ctls
Cyrill Gorcunov
gorcunov at virtuozzo.com
Mon Apr 4 10:39:13 PDT 2016
On Mon, Apr 04, 2016 at 10:08:53AM -0700, Andrew Vagin wrote:
> > --- a/criu/proc_parse.c
> > +++ b/criu/proc_parse.c
> > @@ -2302,6 +2302,7 @@ void put_ctls(struct list_head *l)
> > xfree(c->path);
> > xfree(c);
> > }
> > + INIT_LIST_HEAD(l);
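Review bot: the reset is the right fix, but the hunk shows only the tail of the loop, so the fix is complete only if the traversal above reads each entry's next link before `xfree(c)` (the `list_for_each_entry_safe` form); otherwise the loop itself still dereferences freed memory before control reaches `INIT_LIST_HEAD(l)`. Since the intent is debated below, a one-line comment above `INIT_LIST_HEAD(l);` stating that the head is reset so a later `list_empty()` check or a second `put_ctls()` call sees an empty list rather than dangling pointers would document it.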
>
> We are not going to use this list head in the future and
> if we do, it will be a bug.
>
> So I think this patch can hide this sort of bug.
No, exactly the reverse -- init-list-head makes the list
empty instead of carrying freed elements. And
if we do reuse it, we will get exactly an empty list
as a result.
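To make the point concrete, here is an added example (not CRIU's code) with a minimal Linux-style intrusive list: a stand-in `put_ctls()` frees every entry and, when the hypothetical `reinit` flag is set, applies the patched `INIT_LIST_HEAD(l)`; `head_clean_after_put()` then reports whether the head is empty or still carries pointers to freed nodes.

```c
/* Added example, not CRIU's code: minimal intrusive list in the Linux style. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };

#define INIT_LIST_HEAD(h) do { (h)->next = (h); (h)->prev = (h); } while (0)
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_empty(h) ((h)->next == (h))

static void list_add_tail(struct list_head *n, struct list_head *h)
{
	n->prev = h->prev; n->next = h;
	h->prev->next = n; h->prev = n;
}

/* Stand-in for a cg controller entry: a heap-allocated path plus a link. */
struct cg_ctl { char *path; struct list_head l; };

/* Frees every entry.  reinit=0 mimics the pre-patch behaviour (the head's
 * pointers keep referencing freed nodes); reinit=1 applies the patch. */
static void put_ctls(struct list_head *l, int reinit)
{
	struct list_head *pos = l->next;
	while (pos != l) {
		struct cg_ctl *c = container_of(pos, struct cg_ctl, l);
		pos = pos->next;	/* read the next link before freeing (_safe idiom) */
		free(c->path);
		free(c);
	}
	if (reinit)
		INIT_LIST_HEAD(l);	/* the line the patch adds */
}

/* Builds two constructed entries, frees them, and returns 1 when the head is
 * empty afterwards, 0 when it still holds dangling pointers.  Only pointer
 * values are compared; no freed memory is read. */
int head_clean_after_put(int reinit)
{
	struct list_head ctls;
	INIT_LIST_HEAD(&ctls);
	for (int i = 0; i < 2; i++) {
		const char *name = i ? "memory" : "cpu";	/* constructed sample */
		struct cg_ctl *c = malloc(sizeof(*c));
		c->path = malloc(strlen(name) + 1);
		strcpy(c->path, name);
		list_add_tail(&c->l, &ctls);
	}
	put_ctls(&ctls, reinit);
	return list_empty(&ctls);
}
```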