Opened 13 years ago

Closed 6 years ago

Last modified 6 years ago

#364 closed defect (fixed)

Possible NULL pointer dereference in async.c

Reported by: Martin Decky Owned by: Jiří Zárevúcky
Priority: major Milestone: 0.7.2
Component: helenos/lib/c Version: mainline
Keywords: Cc:
Blocker for: Depends on:
See also:

Description

There are several possible cases of NULL pointer dereference in async.c, e.g. due to async_send_fast() returning a zero AID (because of a failed malloc()) and subsequently dereferencing the AID as amsg_t in async_wait_for().

The problem needs to be mitigated either by using a blocking malloc() (but this might be complicated and deadlock-prone) or making all the "tail" functions such as async_wait_for() more robust.

Change History (6)

comment:1 by Jakub Jermář, 12 years ago

Milestone: 0.5.00.5.1

Retargeting as this is not a regression from previous release.

comment:2 by Jakub Jermář, 10 years ago

Milestone: 0.6.00.7.1

comment:3 by Jakub Jermář, 6 years ago

Milestone: 0.7.1

comment:4 by Jiří Zárevúcky, 6 years ago

Owner: changed from Jakub Jermář to Jiří Zárevúcky
Status: newaccepted

comment:5 by Jiří Zárevúcky, 6 years ago

Resolution: fixed
Status: acceptedclosed

Fixed via bd9e86.

comment:6 by Jakub Jermář, 6 years ago

Milestone: 0.7.2
Note: See TracTickets for help on using tickets.