• Al Viro's avatar
    fix braindamage in audit_tree.c untag_chunk() · 6f5d5114
    Al Viro authored
    ... aka "Al had badly fscked up when writing that thing and nobody
    noticed until Eric had fixed leaks that used to mask the breakage".
    
    The function essentially creates a copy of old array sans one element
    and replaces the references to elements of original (they are on cyclic
    lists) with those to corresponding elements of new one.  After that the
    old one is fair game for freeing.
    
    First of all, there's a dumb braino: when we get to list_replace_init we
    use indices for wrong arrays - position in new one with the old array
    and vice versa.
    
    Another bug is more subtle - termination condition is wrong if the
    element to be excluded happens to be the last one.  We shouldn't go
    until we fill the new array, we should go until we'd finished the old
    one.  Otherwise the element we are trying to kill will remain on the
    cyclic lists...
    
    That crap used to be masked by several leaks, so it was not quite
    trivial to hit.  Eric had fixed some of those leaks a while ago and the
    shit had hit the fan...
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    6f5d5114
audit_tree.c 21.7 KB