From: Dawson Engler <engler@csl.Stanford.EDU>
Date: Tue, 8 Aug 2000 18:40:17 -0700 (PDT)
/u2/engler/ic/linux-2.3.99/net/core/dev_mcast.c:174:dev_mc_add: ERROR: Unchecked use of malloc'd var 'dmi1'
What is wrong here? We check it for NULL (via the assignment to
'dmi', maybe this is tripping up your g++ extension) and drop a lock
and return an error code if so.
/u2/engler/ic/linux-2.3.99/net/core/scm.c:94:scm_fp_copy: ERROR: did not free fpl on error path
/u2/engler/ic/linux-2.3.99/net/core/scm.c:82:scm_fp_copy: ERROR: did not free fpl on error path
The data behind 'fpl' is given to the caller by the assignment to
*fplp, it cannot be freed. I believe the code is correct.
I honestly think that you need to teach your checker that if the
pointer is stored into memory before function return, it is in fact
correct to not free the memory (in fact, if it did, that is a
different bug which should be pointed out :-) even for an error path.
/u2/engler/ic/linux-2.3.99/net/sched/cls_fw.c:242:fw_change: ERROR: did not free head on error path
'head' is linked into the tcf tree, it cannot be freed.
It sets the root for the tree, even an empty one is ok, so this
code is fine.
/u2/engler/ic/linux-2.3.99/net/sched/cls_route.c:425:route4_change: ERROR: did not free head on error path
Similarly.
/u2/engler/ic/linux-2.3.99/net/sched/cls_tcindex.c:293:tcindex_change: ERROR: did not free p on error path
/u2/engler/ic/linux-2.3.99/net/sched/cls_tcindex.c:293:tcindex_change: ERROR: did not free p on error path
I can't discern what your checker is trying to point out here.
/u2/engler/ic/linux-2.3.99/net/sched/sch_gred.c:442:gred_change: ERROR: memset of unchecked var 'table'!
/u2/engler/ic/linux-2.3.99/net/sched/sch_gred.c:374:gred_change: ERROR: memset of unchecked var 'table'!
/u2/engler/ic/linux-2.3.99/net/sched/sch_gred.c:442:gred_change: ERROR: memset of unchecked var 'table'!
/u2/engler/ic/linux-2.3.99/net/sched/sch_gred.c:524:gred_dump: ERROR: did not free opt on error path
Yep broken, I've made a note to fix this file because it will take
a bit more than simple error return addition to fix the problem
properly.
/u2/engler/ic/linux-2.3.99/net/ipv4/fib_semantics.c:563:fib_create_info: ERROR: Using 'fi' illegally!
I don't understand what your checker is trying to say here.
/u2/engler/ic/linux-2.3.99/net/ipv4/ip_options.c:513:ip_options_get: ERROR: did not free opt on error path
It did free it in this case.
/u2/engler/ic/linux-2.3.99/net/ipv4/ip_options.c:502:ip_options_get: ERROR: did not free opt on error path
This one was indeed wrong, fixed in my sources.
/u2/engler/ic/linux-2.3.99/net/ipv4/ipconfig.c:160:ic_open_devs: ERROR: did not free d on error path
This one is fine, 'd' is left on the list of ic_first_dev devices so
it is ok.
/u2/engler/ic/linux-2.3.99/net/netlink/af_netlink.c:799:netlink_dump_start: ERROR: did not free cb on error path
/u2/engler/ic/linux-2.3.99/net/netlink/af_netlink.c:791:netlink_dump_start: ERROR: did not free cb on error path
Your checker obviously doesn't understand that
netlink_destroy_callback frees up the memory because your checker does
not do any global analysis :-)))
/u2/engler/ic/linux-2.3.99/net/decnet/dn_fib.c:364:dn_fib_create_info: ERROR: Using 'fi' illegally!
Same as ipv4/fib_semantics.c above, I have no idea what your checker
is trying to say here.
Later,
David S. Miller
davem@redhat.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:18 EST