diff options
| author | Jakub Jermar <Jakub.Jermar@Sun.COM> | 2010-06-29 16:03:17 +0200 |
|---|---|---|
| committer | Jakub Jermar <Jakub.Jermar@Sun.COM> | 2010-06-29 16:03:17 +0200 |
| commit | 72b703890acc1682901e7ab4df40758e3c4399d8 (patch) | |
| tree | 3b53c47d870b9673de9244e100a449b224740243 | |
| parent | ff19e029e81c950f4e0f40f1f1ee1f7d8f8d8041 (diff) | |
| download | illumos-joyent-72b703890acc1682901e7ab4df40758e3c4399d8.tar.gz | |
6957730 cpuid_amd_getids() uses uninitialized variable coreidsz
6957751 nb_fini() leaks memory
6957783 nb_dev_reinit() leaks memory
6957795 Use-after-free in fm_nvlist_create()
| -rw-r--r-- | usr/src/uts/common/os/fm.c | 2 | ||||
| -rw-r--r-- | usr/src/uts/i86pc/os/cpuid.c | 1 | ||||
| -rw-r--r-- | usr/src/uts/intel/io/intel_nb5000/nb5000_init.c | 7 |
3 files changed, 5 insertions, 5 deletions
diff --git a/usr/src/uts/common/os/fm.c b/usr/src/uts/common/os/fm.c index 78943eda82..4d1754970b 100644 --- a/usr/src/uts/common/os/fm.c +++ b/usr/src/uts/common/os/fm.c @@ -610,8 +610,8 @@ fm_nvlist_create(nv_alloc_t *nva) if (nvlist_xalloc(&nvl, NV_UNIQUE_NAME, nvhdl) != 0) { if (hdl_alloced) { - kmem_free(nvhdl, sizeof (nv_alloc_t)); nv_alloc_fini(nvhdl); + kmem_free(nvhdl, sizeof (nv_alloc_t)); } return (NULL); } diff --git a/usr/src/uts/i86pc/os/cpuid.c b/usr/src/uts/i86pc/os/cpuid.c index ca3cc93232..4a86da8c3b 100644 --- a/usr/src/uts/i86pc/os/cpuid.c +++ b/usr/src/uts/i86pc/os/cpuid.c @@ -649,6 +649,7 @@ cpuid_amd_getids(cpu_t *cpu) } else { /* Assume single-core part */ cpi->cpi_ncore_per_chip = 1; + coreidsz = 1; } cpi->cpi_clogid = cpi->cpi_pkgcoreid = diff --git a/usr/src/uts/intel/io/intel_nb5000/nb5000_init.c b/usr/src/uts/intel/io/intel_nb5000/nb5000_init.c index 0d4248b4af..752a90c048 100644 --- a/usr/src/uts/intel/io/intel_nb5000/nb5000_init.c +++ b/usr/src/uts/intel/io/intel_nb5000/nb5000_init.c @@ -20,8 +20,7 @@ */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <sys/types.h> @@ -255,7 +254,7 @@ nb_fini() kmem_free(dimmp, sizeof (nb_dimm_t)); *dimmpp = NULL; } - dimmp++; + dimmpp++; } } kmem_free(nb_dimms, sizeof (nb_dimm_t *) * nb_dimm_slots); @@ -1590,7 +1589,7 @@ nb_dev_reinit() kmem_free(dimmp, sizeof (nb_dimm_t)); *dimmpp = NULL; } - dimmp++; + dimmpp++; } } kmem_free(old_nb_dimms, sizeof (nb_dimm_t *) * dimm_slot); |