Linux 2.6.30 exploit posted
Posted Jul 19, 2009 22:15 UTC (Sun) by madscientist
I've been seeing a series of patches going in on various mailing lists that fix problems like this over the last few days. The issue is that the kernel uses lots of complex data structures, and programmers want to simplify the code by creating local variables. So, you might see a function like:
int foo(struct bar *barp)
{
    struct subbar *sb = barp->sub;   /* barp is dereferenced here ... */
    if (!barp)                       /* ... before it is checked */
        die...
}
In this context it's not so hard to see, but in a function with lots of local variables, and which has been constructed over time (as the kernel structures add more abstraction), it might not be so clear.
It is true that even the most basic static code analysis tool will find this. I remember Coverity was doing "pro bono" checking of the kernel for a while; is that still going on? Maybe they haven't done 2.6.30 yet? Or maybe this class of errors was deemed low priority?
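The pattern described in the comment, written out as an added example (not code from the comment author or from the kernel). The `struct bar`/`struct subbar` layout and the function names are assumptions standing in for the kernel's nested structures. `foo_unsafe` initialises the convenience local by dereferencing `barp` before the NULL check, so a NULL argument faults on the first line and the check is dead; a compiler may also treat that dereference as proof the pointer is non-NULL and drop the check. `foo_safe` validates each pointer before introducing the local.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical structures standing in for the kernel's nested ones. */
struct subbar {
    int value;
};

struct bar {
    struct subbar *sub;
};

/* The pattern from the comment: the local is initialised by dereferencing
 * barp before barp is checked, so the check comes too late to help.
 * Never call this with a NULL barp. */
int foo_unsafe(struct bar *barp)
{
    struct subbar *sb = barp->sub;   /* dereference first ... */
    if (!barp)                        /* ... check too late */
        return -1;
    return sb ? sb->value : -1;
}

/* Hardened form: check every pointer before it is dereferenced, and
 * only then introduce the convenience local. */
int foo_safe(struct bar *barp)
{
    struct subbar *sb;

    if (!barp)
        return -1;
    sb = barp->sub;
    if (!sb)
        return -1;
    return sb->value;
}

/* Constructed sample inputs, wrapped in functions so the results can be
 * checked without building the structures at the call site. */
int demo_valid(void)
{
    struct subbar s = { .value = 42 };
    struct bar b = { .sub = &s };
    return foo_safe(&b);
}

int demo_null_sub(void)
{
    struct bar b = { .sub = NULL };
    return foo_safe(&b);
}

int demo_null_bar(void)
{
    return foo_safe(NULL);
}

/* The unsafe variant behaves identically on well-formed input, which is
 * why the ordering bug survives review and testing. */
int demo_unsafe_valid(void)
{
    struct subbar s = { .value = 42 };
    struct bar b = { .sub = &s };
    return foo_unsafe(&b);
}

int main(void)
{
    printf("valid:     %d\n", demo_valid());        /* 42 */
    printf("NULL sub:  %d\n", demo_null_sub());     /* -1 */
    printf("NULL barp: %d\n", demo_null_bar());     /* -1 */
    printf("unsafe ok: %d\n", demo_unsafe_valid()); /* 42 */
    return 0;
}
```

The fix is purely a matter of ordering: declare the local, check the argument, then assign. Static analysers flag the unsafe form because a pointer is dereferenced on a path where it is later compared against NULL.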