Author: Julia Lawall <julia@diku.dk> In the default case the lock is not unlocked. The return is converted to a goto, to share the unlock at the end of the function. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f (…) …
Category: Linux
Apr 07 2010
drivers/gpio/timbgpio.c: add missing unlock
Author: Julia Lawall <julia@diku.dk> In an error handling case the lock is not unlocked. The return is converted to a goto, to share the unlock at the end of the function. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f …
Apr 07 2010
drivers/char/amiserial.c: add missing local_irq_restore
Author: Julia Lawall <julia@diku.dk> rs_init() is failing to restore interrupts on two error paths, and is incorrectly calling tty_unregister_driver() with local interrupts disabled. Fix these things by disabling interrupts later, after the request_irq() calls. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier …
Apr 06 2010
V4L/DVB: drivers/media/video: avoid NULL dereference
Author: Julia Lawall <julia@diku.dk> It seems impossible for ov to be NULL at this point. The semantic match that finds the problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E, E1; identifier f; statement S1,S3; iterator iter; @@ if ((E == NULL && …) || …) { … when != false ((E == NULL …
Apr 02 2010
ALSA: echoaudio – Eliminate use after free
Author: Julia Lawall <julia@diku.dk> Use the call to snd_card_free in the error handling code at the end of the function, as in the other error cases. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression E,E2; @@ snd_card_free(E) … ( E = E2 | * E …
Apr 02 2010
mtd: maps: Eliminate use after free
Author: Julia Lawall <julia@diku.dk> Moved the debugging message before the call to map_destroy, which frees its argument. The message is also slightly changed to reflect its new position. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression E,E2; @@ del_mtd_device(E) … ( E = E2 | …
Apr 02 2010
powerpc/pseries/dlpar: Eliminate use after free
Author: Julia Lawall <julia@diku.dk> dlpar_free_cc_nodes frees its argument, so dlpar_online_cpu should not be called on the same value. Skip over the call to dlpar_online_cpu by jumping directly to out. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression E,E2; @@ dlpar_free_cc_nodes(E) … ( E = E2 …
Mar 30 2010
drivers/serial/sunsu.c: Correct use after free
Author: Julia Lawall <julia@diku.dk> The of_iounmap is at the out_unmap label, but at that point up has already been freed. The free cannot be moved to the out_unmap label, because that label is reachable from cases where up should not be freed. So the call to of_iounmap is just duplicated, and the goto converted to …
Mar 29 2010
ring-buffer: Add missing unlock
Author: Julia Lawall <julia@diku.dk> In some error handling cases the lock is not unlocked. The return is converted to a goto, to share the unlock at the end of the function. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f …
Mar 29 2010
USB: gadget: s3c-hsotg: Add missing unlock
Author: Julia Lawall <julia@diku.dk> In an error handling case the lock is not unlocked. The return is converted to a goto, to share the unlock at the end of the function. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f …