[PATCH] staging: line6: fix use-after-free bug

Greg Kroah-Hartman gregkh at linuxfoundation.org
Sat Jan 19 00:57:31 UTC 2013


On Fri, Jan 18, 2013 at 10:52:14PM +0100, Markus Grabner wrote:
> The function "line6_send_raw_message_async" now has an additional argument
> "bool copy", which indicates whether the supplied buffer should be copied into
> a dynamically allocated block of memory. The copy flag is also stored in the
> "message" struct such that the temporary memory can be freed when appropriate
> without intervention of the caller.

Why do this?  Why not either always copy it, or always not?  That would
make it simpler overall, right?

What is this fixing?

thanks,

greg k-h


