[PATCH] menuconfig: fix NULL pointer dereference when searching a symbol

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
@ 2013-05-07  2:40 ` Li Zefan
  0 siblings, 0 replies; 10+ messages in thread
From: Li Zefan @ 2013-05-07  2:40 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Michal Marek, Weng Meiling, Libo Chen, LKML, linux-kbuild,
	Borislav Petkov

Searching PPC_EFIKA results segmentation fault, and it's because
get_symbol_prop() returns NULL.

In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
knows this symbol when it parses sound/soc/fsl/Kconfig:

config SND_MPC52xx_SOC_EFIKA
        tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
        depends on PPC_EFIKA

This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
info for symbol without prompts").

Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Li Zefan <lizefan@huawei.com>
---
 scripts/kconfig/menu.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
index 826da66..b5c7d90 100644
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -600,14 +600,18 @@ void get_symbol_str(struct gstr *r, struct symbol *sym,
 	}
 	for_all_prompts(sym, prop)
 		get_prompt_str(r, prop, head);
+
 	prop = get_symbol_prop(sym);
-	str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
-		prop->menu->lineno);
-	if (!expr_is_yes(prop->visible.expr)) {
-		str_append(r, _("  Depends on: "));
-		expr_gstr_print(prop->visible.expr, r);
-		str_append(r, "\n");
+	if (prop) {
+		str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
+			prop->menu->lineno);
+		if (!expr_is_yes(prop->visible.expr)) {
+			str_append(r, _("  Depends on: "));
+			expr_gstr_print(prop->visible.expr, r);
+			str_append(r, "\n");
+		}
 	}
+
 	hit = false;
 	for_all_properties(sym, prop, P_SELECT) {
 		if (!hit) {
-- 
1.8.0.2

^ permalink raw reply related	[flat|nested] 10+ messages in thread

* [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
@ 2013-05-07  2:40 ` Li Zefan
  0 siblings, 0 replies; 10+ messages in thread
From: Li Zefan @ 2013-05-07  2:40 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Michal Marek, Weng Meiling, Libo Chen, LKML, linux-kbuild,
	Borislav Petkov

Searching PPC_EFIKA results segmentation fault, and it's because
get_symbol_prop() returns NULL.

In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
knows this symbol when it parses sound/soc/fsl/Kconfig:

config SND_MPC52xx_SOC_EFIKA
        tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
        depends on PPC_EFIKA

This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
info for symbol without prompts").

Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Li Zefan <lizefan@huawei.com>
---
 scripts/kconfig/menu.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
index 826da66..b5c7d90 100644
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -600,14 +600,18 @@ void get_symbol_str(struct gstr *r, struct symbol *sym,
 	}
 	for_all_prompts(sym, prop)
 		get_prompt_str(r, prop, head);
+
 	prop = get_symbol_prop(sym);
-	str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
-		prop->menu->lineno);
-	if (!expr_is_yes(prop->visible.expr)) {
-		str_append(r, _("  Depends on: "));
-		expr_gstr_print(prop->visible.expr, r);
-		str_append(r, "\n");
+	if (prop) {
+		str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
+			prop->menu->lineno);
+		if (!expr_is_yes(prop->visible.expr)) {
+			str_append(r, _("  Depends on: "));
+			expr_gstr_print(prop->visible.expr, r);
+			str_append(r, "\n");
+		}
 	}
+
 	hit = false;
 	for_all_properties(sym, prop, P_SELECT) {
 		if (!hit) {
-- 
1.8.0.2

^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
  2013-05-07  2:40 ` Li Zefan
@ 2013-05-07  2:48   ` Libo Chen
  -1 siblings, 0 replies; 10+ messages in thread
From: Libo Chen @ 2013-05-07  2:48 UTC (permalink / raw)
  To: Li Zefan
  Cc: Andrew Morton, Michal Marek, Weng Meiling, LKML, linux-kbuild,
	Borislav Petkov

On 2013/5/7 10:40, Li Zefan wrote:
> Searching PPC_EFIKA results segmentation fault, and it's because
> get_symbol_prop() returns NULL.
> 
> In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
> 52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
> knows this symbol when it parses sound/soc/fsl/Kconfig:
> 
> config SND_MPC52xx_SOC_EFIKA
>         tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
>         depends on PPC_EFIKA
> 
> This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
> info for symbol without prompts").


It works!

Tested-by: Libo Chen <libo.chen@huawei.com>

> 
> Reported-by: Borislav Petkov <bp@alien8.de>
> Signed-off-by: Li Zefan <lizefan@huawei.com>
> ---
>  scripts/kconfig/menu.c | 16 ++++++++++------
>  1 file changed, 10 insertions(+), 6 deletions(-)
> 
> diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
> index 826da66..b5c7d90 100644
> --- a/scripts/kconfig/menu.c
> +++ b/scripts/kconfig/menu.c
> @@ -600,14 +600,18 @@ void get_symbol_str(struct gstr *r, struct symbol *sym,
>  	}
>  	for_all_prompts(sym, prop)
>  		get_prompt_str(r, prop, head);
> +
>  	prop = get_symbol_prop(sym);
> -	str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
> -		prop->menu->lineno);
> -	if (!expr_is_yes(prop->visible.expr)) {
> -		str_append(r, _("  Depends on: "));
> -		expr_gstr_print(prop->visible.expr, r);
> -		str_append(r, "\n");
> +	if (prop) {
> +		str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
> +			prop->menu->lineno);
> +		if (!expr_is_yes(prop->visible.expr)) {
> +			str_append(r, _("  Depends on: "));
> +			expr_gstr_print(prop->visible.expr, r);
> +			str_append(r, "\n");
> +		}
>  	}
> +
>  	hit = false;
>  	for_all_properties(sym, prop, P_SELECT) {
>  		if (!hit) {
> 



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
@ 2013-05-07  2:48   ` Libo Chen
  0 siblings, 0 replies; 10+ messages in thread
From: Libo Chen @ 2013-05-07  2:48 UTC (permalink / raw)
  To: Li Zefan
  Cc: Andrew Morton, Michal Marek, Weng Meiling, LKML, linux-kbuild,
	Borislav Petkov

On 2013/5/7 10:40, Li Zefan wrote:
> Searching PPC_EFIKA results segmentation fault, and it's because
> get_symbol_prop() returns NULL.
> 
> In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
> 52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
> knows this symbol when it parses sound/soc/fsl/Kconfig:
> 
> config SND_MPC52xx_SOC_EFIKA
>         tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
>         depends on PPC_EFIKA
> 
> This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
> info for symbol without prompts").


It works!

Tested-by: Libo Chen <libo.chen@huawei.com>

> 
> Reported-by: Borislav Petkov <bp@alien8.de>
> Signed-off-by: Li Zefan <lizefan@huawei.com>
> ---
>  scripts/kconfig/menu.c | 16 ++++++++++------
>  1 file changed, 10 insertions(+), 6 deletions(-)
> 
> diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
> index 826da66..b5c7d90 100644
> --- a/scripts/kconfig/menu.c
> +++ b/scripts/kconfig/menu.c
> @@ -600,14 +600,18 @@ void get_symbol_str(struct gstr *r, struct symbol *sym,
>  	}
>  	for_all_prompts(sym, prop)
>  		get_prompt_str(r, prop, head);
> +
>  	prop = get_symbol_prop(sym);
> -	str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
> -		prop->menu->lineno);
> -	if (!expr_is_yes(prop->visible.expr)) {
> -		str_append(r, _("  Depends on: "));
> -		expr_gstr_print(prop->visible.expr, r);
> -		str_append(r, "\n");
> +	if (prop) {
> +		str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
> +			prop->menu->lineno);
> +		if (!expr_is_yes(prop->visible.expr)) {
> +			str_append(r, _("  Depends on: "));
> +			expr_gstr_print(prop->visible.expr, r);
> +			str_append(r, "\n");
> +		}
>  	}
> +
>  	hit = false;
>  	for_all_properties(sym, prop, P_SELECT) {
>  		if (!hit) {
> 



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
  2013-05-07  2:40 ` Li Zefan
  (?)
  (?)
@ 2013-05-07 10:44 ` Borislav Petkov
  -1 siblings, 0 replies; 10+ messages in thread
From: Borislav Petkov @ 2013-05-07 10:44 UTC (permalink / raw)
  To: Li Zefan
  Cc: Andrew Morton, Michal Marek, Weng Meiling, Libo Chen, LKML, linux-kbuild

On Tue, May 07, 2013 at 10:40:59AM +0800, Li Zefan wrote:
> Searching PPC_EFIKA results segmentation fault, and it's because
> get_symbol_prop() returns NULL.
> 
> In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
> 52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
> knows this symbol when it parses sound/soc/fsl/Kconfig:
> 
> config SND_MPC52xx_SOC_EFIKA
>         tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
>         depends on PPC_EFIKA
> 
> This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
> info for symbol without prompts").

Yep, it works.

> Reported-by: Borislav Petkov <bp@alien8.de>

	..-and-tested-by: ...

Thanks.

-- 
Regards/Gruss,
    Boris.

Sent from a fat crate under my desk. Formatting is fine.
--

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
  2013-05-07  2:40 ` Li Zefan
                   ` (2 preceding siblings ...)
  (?)
@ 2013-05-07 13:21 ` Yann E. MORIN
  2013-05-07 13:47   ` Michal Marek
  -1 siblings, 1 reply; 10+ messages in thread
From: Yann E. MORIN @ 2013-05-07 13:21 UTC (permalink / raw)
  To: Li Zefan
  Cc: Andrew Morton, Michal Marek, Weng Meiling, Libo Chen, LKML,
	linux-kbuild, Borislav Petkov

Li, All,

On Tue, May 07, 2013 at 10:40:59AM +0800, Li Zefan wrote:
> Searching PPC_EFIKA results segmentation fault, and it's because
> get_symbol_prop() returns NULL.
> 
> In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
> 52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
> knows this symbol when it parses sound/soc/fsl/Kconfig:
> 
> config SND_MPC52xx_SOC_EFIKA
>         tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
>         depends on PPC_EFIKA
> 
> This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
> info for symbol without prompts").
> 
> Reported-by: Borislav Petkov <bp@alien8.de>
> Signed-off-by: Li Zefan <lizefan@huawei.com>

Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>

Michal, I'll get this in my tree, and will send a pull-request to you
later (I may have a few other smallish fixes shortly).

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
  2013-05-07 13:21 ` Yann E. MORIN
@ 2013-05-07 13:47   ` Michal Marek
  2013-05-07 14:06     ` Yann E. MORIN
  0 siblings, 1 reply; 10+ messages in thread
From: Michal Marek @ 2013-05-07 13:47 UTC (permalink / raw)
  To: Yann E. MORIN
  Cc: Li Zefan, Andrew Morton, Weng Meiling, Libo Chen, LKML,
	linux-kbuild, Borislav Petkov

On 7.5.2013 15:21, Yann E. MORIN wrote:
> Li, All,
> 
> On Tue, May 07, 2013 at 10:40:59AM +0800, Li Zefan wrote:
>> Searching PPC_EFIKA results segmentation fault, and it's because
>> get_symbol_prop() returns NULL.
>>
>> In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
>> 52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
>> knows this symbol when it parses sound/soc/fsl/Kconfig:
>>
>> config SND_MPC52xx_SOC_EFIKA
>>         tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
>>         depends on PPC_EFIKA
>>
>> This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
>> info for symbol without prompts").
>>
>> Reported-by: Borislav Petkov <bp@alien8.de>
>> Signed-off-by: Li Zefan <lizefan@huawei.com>
> 
> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> 
> Michal, I'll get this in my tree, and will send a pull-request to you
> later (I may have a few other smallish fixes shortly).

It's difficult to apply this to kbuild.git#kconfig, because the bug that
it is fixing is not there. I will send it to Linus by mail.

Michal

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
  2013-05-07 13:47   ` Michal Marek
@ 2013-05-07 14:06     ` Yann E. MORIN
  2013-05-07 14:13       ` Michal Marek
  0 siblings, 1 reply; 10+ messages in thread
From: Yann E. MORIN @ 2013-05-07 14:06 UTC (permalink / raw)
  To: Michal Marek
  Cc: Li Zefan, Andrew Morton, Weng Meiling, Libo Chen, LKML,
	linux-kbuild, Borislav Petkov

Michal, All,

On Tue, May 07, 2013 at 03:47:18PM +0200, Michal Marek wrote:
> On 7.5.2013 15:21, Yann E. MORIN wrote:
> > Li, All,
> > 
> > On Tue, May 07, 2013 at 10:40:59AM +0800, Li Zefan wrote:
> >> Searching PPC_EFIKA results segmentation fault, and it's because
> >> get_symbol_prop() returns NULL.
> >>
> >> In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
> >> 52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
> >> knows this symbol when it parses sound/soc/fsl/Kconfig:
> >>
> >> config SND_MPC52xx_SOC_EFIKA
> >>         tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
> >>         depends on PPC_EFIKA
> >>
> >> This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
> >> info for symbol without prompts").
> >>
> >> Reported-by: Borislav Petkov <bp@alien8.de>
> >> Signed-off-by: Li Zefan <lizefan@huawei.com>
> > 
> > Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> > 
> > Michal, I'll get this in my tree, and will send a pull-request to you
> > later (I may have a few other smallish fixes shortly).
> 
> It's difficult to apply this to kbuild.git#kconfig, because the bug that
> it is fixing is not there. I will send it to Linus by mail.

Indeed. Thank you.

It's strange that a kconfig-related change did not land in your tree
before getting mainline...

[For the records, it got in via akpm's (Andrew MORTON) branch in
 5f56886 ;-) ]

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
  2013-05-07 14:06     ` Yann E. MORIN
@ 2013-05-07 14:13       ` Michal Marek
  0 siblings, 0 replies; 10+ messages in thread
From: Michal Marek @ 2013-05-07 14:13 UTC (permalink / raw)
  To: Yann E. MORIN
  Cc: Li Zefan, Andrew Morton, Weng Meiling, Libo Chen, LKML,
	linux-kbuild, Borislav Petkov

Dne 7.5.2013 16:06, Yann E. MORIN napsal(a):
> It's strange that a kconfig-related change did not land in your tree
> before getting mainline...

It's quite simple. I wanted to look at the patch, but Andrew beat me to
it. I am not saying that I would have spotted the null pointer deref
myself :-).

Michal

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol
@ 2013-05-07 13:56 Michal Marek
  0 siblings, 0 replies; 10+ messages in thread
From: Michal Marek @ 2013-05-07 13:56 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Borislav Petkov, Li Zefan, Libo Chen, Yann E. MORIN, linux-kernel

From: Li Zefan <lizefan@huawei.com>

Searching PPC_EFIKA results segmentation fault, and it's because
get_symbol_prop() returns NULL.

In this case CONFIG_PPC_EFIKA is defined in arch/powerpc/platforms/
52xx/Kconfig, so it won't be parsed if ARCH!=PPC, but menuconfig
knows this symbol when it parses sound/soc/fsl/Kconfig:

config SND_MPC52xx_SOC_EFIKA
        tristate "SoC AC97 Audio support for bbplan Efika and STAC9766"
        depends on PPC_EFIKA

This bug was introduced by commit bcdedcc1afd6 ("menuconfig: print more
info for symbol without prompts").

Reported-and-tested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Li Zefan <lizefan@huawei.com>
Tested-by: Libo Chen <libo.chen@huawei.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
---

This is a fix for a commit that is not in my kconfig branch, therefore
I am sending it directly.

Michal

---
 scripts/kconfig/menu.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
index 826da66..b5c7d90 100644
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -600,14 +600,18 @@ void get_symbol_str(struct gstr *r, struct symbol *sym,
 	}
 	for_all_prompts(sym, prop)
 		get_prompt_str(r, prop, head);
+
 	prop = get_symbol_prop(sym);
-	str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
-		prop->menu->lineno);
-	if (!expr_is_yes(prop->visible.expr)) {
-		str_append(r, _("  Depends on: "));
-		expr_gstr_print(prop->visible.expr, r);
-		str_append(r, "\n");
+	if (prop) {
+		str_printf(r, _("  Defined at %s:%d\n"), prop->menu->file->name,
+			prop->menu->lineno);
+		if (!expr_is_yes(prop->visible.expr)) {
+			str_append(r, _("  Depends on: "));
+			expr_gstr_print(prop->visible.expr, r);
+			str_append(r, "\n");
+		}
 	}
+
 	hit = false;
 	for_all_properties(sym, prop, P_SELECT) {
 		if (!hit) {
-- 
1.8.2.1


^ permalink raw reply related	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2013-05-07 14:13 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-05-07  2:40 [PATCH] menuconfig: fix NULL pointer dereference when searching a symbol Li Zefan
2013-05-07  2:40 ` Li Zefan
2013-05-07  2:48 ` Libo Chen
2013-05-07  2:48   ` Libo Chen
2013-05-07 10:44 ` Borislav Petkov
2013-05-07 13:21 ` Yann E. MORIN
2013-05-07 13:47   ` Michal Marek
2013-05-07 14:06     ` Yann E. MORIN
2013-05-07 14:13       ` Michal Marek
2013-05-07 13:56 Michal Marek

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.