Full_Name: Ondrej Kuznik
Version: re24/master
OS:
URL:
Submission from: (NULL) (212.159.69.225)

A look at the code highlights a few places where *alloc responses are used unchecked.
The following semantic patch is a good starting point. Currently it lists 87 sites, most of which probably need adjusting.

--- malloc_check.cocci ---
@@
expression E, E1;
identifier ch_alloc =~ "^(ch|slap)_.*alloc.*";
identifier f =~ "(?i).*alloc.*";
identifier foo;
@@

E = (
  ch_alloc
|
  entry_alloc
|
  attr_alloc
|
  metaconn_alloc
|
  asyncmeta_conn_alloc
|
  CompAlloc /* component matching has massively bitrotted */
|
* f
  )(...);
... when != E = E1
    when != E == NULL
    when != E != NULL
(
  E->foo
|
  E[...]
|
  *(E)
)
--- malloc_check.cocci ---

Patches coming soon.
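
An added illustration, not part of the original report or of the OpenLDAP code: the shape the semantic patch above reports, next to an adjusted version that also cleans up after a partial failure. `demo_alloc`, `struct item` and the `item_*` functions are constructed for this example; `demo_alloc` is chosen so that its name matches the patch's generic `f` pattern.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in allocator: fails once fail_after reaches 0 (-1 = never). */
static int fail_after = -1;
static void *demo_alloc(size_t n) {
    if (fail_after == 0) return NULL;
    if (fail_after > 0) fail_after--;
    return malloc(n);
}

struct item { char *name; size_t len; };

/* Reported shape: E = f(...); followed by a use of E with no NULL test. */
struct item *item_new_unchecked(const char *name) {
    struct item *it;
    it = demo_alloc(sizeof(struct item));
    it->len = strlen(name);              /* E->foo, E never compared to NULL */
    it->name = demo_alloc(it->len + 1);
    it->name[it->len] = '\0';            /* E[...], same problem */
    memcpy(it->name, name, it->len);
    return it;
}

/* Adjusted shape: every result is compared with NULL before its first use,
 * which is what the "when != E == NULL" constraint accepts. */
struct item *item_new_checked(const char *name) {
    struct item *it;
    it = demo_alloc(sizeof(struct item));
    if (it == NULL) return NULL;
    it->len = strlen(name);
    it->name = demo_alloc(it->len + 1);
    if (it->name == NULL) {              /* second allocation failed: undo the first */
        free(it);
        return NULL;
    }
    it->name[it->len] = '\0';
    memcpy(it->name, name, it->len);
    return it;
}

void item_free(struct item *it) {
    if (it != NULL) { free(it->name); free(it); }
}
```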