[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gazillon of double-free
From: |
Robert Millan |
Subject: |
gazillon of double-free |
Date: |
Thu, 9 Sep 2010 01:20:40 +0200 |
It seems we have a ton of double-free bugs in label() and
uuid() routines.
Take for example grub_ext2_label():
data = grub_ext2_mount (disk);
if (data)
*label = grub_strndup (data->sblock.volume_name, 14);
else
*label = NULL;
grub_free (data);
If grub_ext2_mount fails, data is not allocated but we free it anyway.
Or perhaps I'm missing something? (it's late here, I need some sleep)
--
Robert Millan
- gazillon of double-free,
Robert Millan <=