All of lore.kernel.org
 help / color / mirror / Atom feed
* [libgpiod] segfaults in gpiodetect and gpioinfo
@ 2021-05-20  2:59 Frank Zago
  2021-05-20  7:19 ` Bartosz Golaszewski
  0 siblings, 1 reply; 2+ messages in thread
From: Frank Zago @ 2021-05-20  2:59 UTC (permalink / raw)
  To: linux-gpio

Hello,

If a user doesn't have permission, both gpiodetect and gpioinfo
will segfault when run.

$ ./gpiodetect 
gpiochip0 Permission denied
zsh: segmentation fault (core dumped)  ./gpiodetect

The problem is there:
			if (!chip) {
				if (errno == EACCES)
					printf("%s Permission denied\n",
					       entries[i]->d_name);
				else
					die_perror("unable to open %s",
						   entries[i]->d_name);
			}

chip is NULL, but is later dereferenced.

I'm not submitting a fix as there are 2 possibilities that I can see,
and I don't know which one would be best:

  - add a continue after the die_perror line
  - replace the printf above with die_perror()

Regards,
  Frank.

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [libgpiod] segfaults in gpiodetect and gpioinfo
  2021-05-20  2:59 [libgpiod] segfaults in gpiodetect and gpioinfo Frank Zago
@ 2021-05-20  7:19 ` Bartosz Golaszewski
  0 siblings, 0 replies; 2+ messages in thread
From: Bartosz Golaszewski @ 2021-05-20  7:19 UTC (permalink / raw)
  To: Frank Zago; +Cc: open list:GPIO SUBSYSTEM

On Thu, May 20, 2021 at 4:59 AM Frank Zago <frank@zago.net> wrote:
>
> Hello,
>
> If a user doesn't have permission, both gpiodetect and gpioinfo
> will segfault when run.
>
> $ ./gpiodetect
> gpiochip0 Permission denied
> zsh: segmentation fault (core dumped)  ./gpiodetect
>
> The problem is there:
>                         if (!chip) {
>                                 if (errno == EACCES)
>                                         printf("%s Permission denied\n",
>                                                entries[i]->d_name);
>                                 else
>                                         die_perror("unable to open %s",
>                                                    entries[i]->d_name);
>                         }
>
> chip is NULL, but is later dereferenced.
>
> I'm not submitting a fix as there are 2 possibilities that I can see,
> and I don't know which one would be best:
>
>   - add a continue after the die_perror line
>   - replace the printf above with die_perror()
>
> Regards,
>   Frank.

Hi Frank!

Thanks for the report. This only happens in the master branch which
currently undergoes a huge API overhaul. In the API v2 patch I sent
this problem is fixed.

Bartosz

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-05-20  7:19 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-20  2:59 [libgpiod] segfaults in gpiodetect and gpioinfo Frank Zago
2021-05-20  7:19 ` Bartosz Golaszewski

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.