Opened 7 years ago

Closed 2 weeks ago

Last modified 8 days ago

#364 closed defect (fixed)

Possible NULL pointer dereference in async.c

Reported by: Martin Decky
Owned by: Jiří Zárevúcky
Priority: major
Milestone: 0.7.2
Component: helenos/lib/c
Version: mainline

Description

There are several possible cases of NULL pointer dereference in async.c, e.g. due to async_send_fast() returning a zero AID (because of a failed malloc()) and subsequently dereferencing the AID as amsg_t in async_wait_for().

The problem needs to be mitigated either by using a blocking malloc() (but this might be complicated and deadlock-prone) or making all the "tail" functions such as async_wait_for() more robust.
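
The second option in the description (a more robust "tail" function) can be sketched as follows. This is an added, simplified model, not HelenOS code and not the change referenced in this ticket; every `demo_` name, the allocation-failure flag and the choice of `ENOMEM` as the reported error are assumptions made for illustration.

```c
/* Simplified model of the pattern in this ticket; all demo_ names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

typedef uintptr_t demo_aid_t;                 /* opaque handle, 0 = no message */
typedef struct { int retval; } demo_amsg_t;   /* record behind the handle */

/* Constructed switch that stands in for an out-of-memory condition. */
static int demo_fail_alloc = 0;

/* Sender: returns a zero handle when the message record cannot be allocated. */
demo_aid_t demo_send(int reply)
{
    demo_amsg_t *msg = demo_fail_alloc ? NULL : malloc(sizeof(*msg));
    if (msg == NULL)
        return 0;
    msg->retval = reply;    /* the model stores the answer immediately */
    return (demo_aid_t) msg;
}

/* Fragile tail function: assumes the handle always points at a record. */
void demo_wait_unchecked(demo_aid_t aid, int *retval)
{
    demo_amsg_t *msg = (demo_amsg_t *) aid;
    if (retval)
        *retval = msg->retval;   /* NULL dereference when aid == 0 */
    free(msg);
}

/* Robust tail function: a zero handle is reported as an error code. */
void demo_wait_checked(demo_aid_t aid, int *retval)
{
    if (aid == 0) {
        if (retval)
            *retval = ENOMEM;    /* assumed error value for a failed send */
        return;
    }
    demo_amsg_t *msg = (demo_amsg_t *) aid;
    if (retval)
        *retval = msg->retval;
    free(msg);
}

/* Send and wait in one step, with or without the simulated failure. */
int demo_roundtrip(int reply, int fail)
{
    int rc = -1;
    demo_fail_alloc = fail;
    demo_wait_checked(demo_send(reply), &rc);
    return rc;
}
```
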

Change History (6)

comment:1 Changed 6 years ago by Jakub Jermář

Milestone: 0.5.0 → 0.5.1

Retargeting as this is not a regression from previous release.

comment:2 Changed 4 years ago by Jakub Jermář

Milestone: 0.6.0 → 0.7.1

comment:3 Changed 8 months ago by Jakub Jermář

Milestone: 0.7.1

comment:4 Changed 2 weeks ago by Jiří Zárevúcky

Owner: changed from Jakub Jermář to Jiří Zárevúcky
Status: new → accepted

comment:5 Changed 2 weeks ago by Jiří Zárevúcky

Resolution: fixed
Status: accepted → closed

Fixed via bd9e86.

comment:6 Changed 8 days ago by Jakub Jermář

Milestone: 0.7.2