    tipc: Fix missing list initializations in struct tipc_subscription · b714295a
    Committed by Jon Maloy
    When an item of struct tipc_subscription is created, we fail to
    initialize the two lists aggregated into the struct. This has so far
    never been a problem, since the items are just added to a root
    object by list_add(), which does not require the addee list to be
    pre-initialized. However, syzbot is provoking situations where this
    addition fails, whereupon the attempted removal of the item from
    the list causes a crash.
    
    This problem seems to always have been around, despite that the code
    for creating this object was rewritten in commit 242e82cc ("tipc:
    collapse subscription creation functions"), which is still in net-next.
    
    We fix this for that commit by initializing the two lists properly.
    
    Fixes: 242e82cc ("tipc: collapse subscription creation functions")
    Reported-by: syzbot+0bb443b74ce09197e970@syzkaller.appspotmail.com
    Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
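A userspace sketch of why the missing initializations only bite on the error path, added here as an illustration (not code from the commit or from TIPC): the list primitives are stand-ins for the kernel's list_head API, the validity check models what CONFIG_DEBUG_LIST does before unlinking, and struct subscription is a constructed model of tipc_subscription with its two embedded lists.

```c
#include <stdlib.h>
/* Userspace stand-in for the kernel's circular doubly-linked list_head. */
struct list_head { struct list_head *next, *prev; };
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }

/* list_add() writes only the new node's pointers and its neighbours', so it
 * works on a node whose next/prev were never initialized. */
static void list_add(struct list_head *n, struct list_head *head)
{
    head->next->prev = n;
    n->next = head->next;
    n->prev = head;
    head->next = n;
}
/* Mirrors the sanity check CONFIG_DEBUG_LIST applies before unlinking. */
static int list_del_entry_valid(const struct list_head *e)
{
    if (e->next == NULL || e->prev == NULL)
        return 0;
    return e->next->prev == e && e->prev->next == e;
}
/* list_del() dereferences next and prev; on a never-initialized node that is
 * the crash syzbot provoked. This version refuses instead and returns -1. */
static int list_del_checked(struct list_head *e)
{
    if (!list_del_entry_valid(e))
        return -1;
    e->next->prev = e->prev;
    e->prev->next = e->next;
    e->next = e->prev = NULL;
    return 0;
}
/* Model of tipc_subscription with its two embedded lists (constructed). */
struct subscription { struct list_head sub_list, service_list; };

/* Error path from the commit: the item is torn down without ever having been
 * list_add()ed. Returns 0 only when both lists were initialized first. */
static int teardown_never_added(int initialized)
{
    struct subscription *s = calloc(1, sizeof *s); /* zeroed, like kzalloc */
    if (!s)
        return -1;
    if (initialized) {
        INIT_LIST_HEAD(&s->sub_list);
        INIT_LIST_HEAD(&s->service_list);
    }
    int rc = list_del_checked(&s->sub_list) | list_del_checked(&s->service_list);
    free(s);
    return rc;
}
```

Enabling CONFIG_DEBUG_LIST in a test kernel turns the silent pointer corruption into a logged warning at the unlink site, which is how this class of bug is usually pinned down before it is understood.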