From: Amit Shah <amit@infradead.org>
To: YE Chengfeng <cyeaa@connect.ust.hk>,
	"amit@kernel.org" <amit@kernel.org>,
	"arnd@arndb.de" <arnd@arndb.de>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: drivers/char: suspected null-pointer dereference problem in handle_control_message
Date: Tue, 26 Oct 2021 12:29:31 +0200
Message-ID: <a61be974ef65d00fd22b0216fc0d85c0c226f5e9.camel@infradead.org>
In-Reply-To: <TYCP286MB11884B1010AF8C77F1BBDAF08A849@TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM>

On Tue, 2021-10-26 at 06:17 +0000, YE Chengfeng wrote:
> Hi,
>  
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1657
>  
> Our experimental static analysis tool detects a suspected null-pointer-dereference problem. We manually checked it, but it still could be a false positive because we are not familiar with the code. We report this to you just in case.
>  
> We notice that in some branches of the switch case at line #1582, the pointer port is null-checked. But a null check is missing at line #1657 and line #1633. It seems like a suspected null-pointer dereference pointer. Would you like to spare some time to have a look at it?

For this NULL deref to happen, the host will have to send a port_name
command before a port_add command.  Worrying about that isn't
worthwhile.  If you'd like to add a generic `if (unlikely(!port))`
after line 1579 there, that'd be fine as a hint to the static analysis
tools, though, so just for that reason, it might be worthwhile.

		Amit
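
As an added example (not code from virtio_console.c or from either poster), this user-space C model shows the generic guard suggested in the reply: a control message for a port that was never added is dropped before the switch, so a name message that arrives ahead of an add never reaches a dereference. The event ids, struct layouts and function names are constructed for illustration, and the kernel's `unlikely()` hint is omitted because this is not kernel code.

```c
#include <string.h>

enum ev { EV_PORT_ADD = 1, EV_PORT_NAME = 2 };   /* constructed event ids */
enum rc { RC_OK = 0, RC_DROPPED = -1 };

struct port { unsigned id; char name[16]; int in_use; };
struct ctrl_msg { unsigned id; enum ev event; const char *payload; };

#define MAX_PORTS 4
static struct port ports[MAX_PORTS];             /* zero-initialised: no ports yet */

/* Returns NULL when the id is out of range or the port was never added. */
static struct port *find_port(unsigned id)
{
    if (id >= MAX_PORTS || !ports[id].in_use)
        return NULL;
    return &ports[id];
}

/* Handle one host control message without ever dereferencing a NULL port. */
static int handle_ctrl(const struct ctrl_msg *m)
{
    struct port *port = find_port(m->id);

    /* Generic guard: only "add" may legitimately name an unknown port. */
    if (!port && m->event != EV_PORT_ADD)
        return RC_DROPPED;

    switch (m->event) {
    case EV_PORT_ADD:
        if (port || m->id >= MAX_PORTS)
            return RC_DROPPED;                   /* duplicate or out-of-range add */
        ports[m->id].id = m->id;
        ports[m->id].in_use = 1;
        return RC_OK;
    case EV_PORT_NAME:
        /* port is non-NULL here because of the guard above */
        strncpy(port->name, m->payload ? m->payload : "", sizeof(port->name) - 1);
        port->name[sizeof(port->name) - 1] = '\0';
        return RC_OK;
    default:
        return RC_DROPPED;
    }
}

int main(void)
{
    struct ctrl_msg name0 = { 0, EV_PORT_NAME, "console0" };  /* name before add */
    return handle_ctrl(&name0) == RC_DROPPED ? 0 : 1;
}
```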

