LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The timer API: size or type safety?

The timer API: size or type safety?

Posted Dec 7, 2006 5:47 UTC (Thu) by thedevil (subscriber, #32913)
Parent article: The timer API: size or type safety?

"if we get it wrong produces a /very/ trivial crash that is trivial to fix"

Perhaps it's just me, but this sounds quite wrong. If the timer_list passed to add_timer is not embedded in any larger structure but the callback expects it to be (or if it is embedded in a larger structure of the wrong type), the callback will simply use whatever random garbage follows the timer_list in kernel memory. This is actually the *worst* kind of bug. It may appear to work most of the time because the following data is zero and the callback interprets zero as some kind of default. Ouch! I am with Viro all the way on this one.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds