Linux-Next Archive on lore.kernel.org
 help / color / Atom feed
* Coverity: spi_nor_erase_sector(): Null pointer dereferences
@ 2019-10-28 23:05 coverity-bot
  2019-10-29  5:59 ` Tudor.Ambarus
  0 siblings, 1 reply; 3+ messages in thread
From: coverity-bot @ 2019-10-28 23:05 UTC (permalink / raw)
  To: Tudor Ambarus; +Cc: Boris Brezillon, Gustavo A. R. Silva, linux-next

Hello!

This is an experimental automated report about issues detected by Coverity
from a scan of next-20191025 as part of the linux-next weekly scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by recent commits:

453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")

Coverity reported the following:

*** CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
/drivers/mtd/spi-nor/spi-nor.c: 967 in spi_nor_erase_sector()
961     	 */
962     	for (i = nor->addr_width - 1; i >= 0; i--) {
963     		nor->bouncebuf[i] = addr & 0xff;
964     		addr >>= 8;
965     	}
966
vvv     CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
vvv     Dereferencing null pointer "nor->controller_ops".
967     	return nor->controller_ops->write_reg(nor, nor->erase_opcode,
968     					      nor->bouncebuf, nor->addr_width);
969     }
970
971     /**
972      * spi_nor_div_by_erase_size() - calculate remainder and update new dividend

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include:

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487363 ("Null pointer dereferences")
Fixes: 453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")


Thanks for your attention!

-- 
Coverity-bot

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Coverity: spi_nor_erase_sector(): Null pointer dereferences
  2019-10-28 23:05 Coverity: spi_nor_erase_sector(): Null pointer dereferences coverity-bot
@ 2019-10-29  5:59 ` Tudor.Ambarus
  2019-10-29 16:05   ` Kees Cook
  0 siblings, 1 reply; 3+ messages in thread
From: Tudor.Ambarus @ 2019-10-29  5:59 UTC (permalink / raw)
  To: keescook; +Cc: boris.brezillon, gustavo, linux-next

Hi. Thanks for the report!

On 10/29/2019 01:05 AM, coverity-bot wrote:
> External E-Mail
> 
> 
> Hello!
> 
> This is an experimental automated report about issues detected by Coverity
> from a scan of next-20191025 as part of the linux-next weekly scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
> 
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by recent commits:
> 
> 453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")
> 
> Coverity reported the following:
> 
> *** CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
> /drivers/mtd/spi-nor/spi-nor.c: 967 in spi_nor_erase_sector()
> 961     	 */
> 962     	for (i = nor->addr_width - 1; i >= 0; i--) {
> 963     		nor->bouncebuf[i] = addr & 0xff;
> 964     		addr >>= 8;
> 965     	}
> 966
> vvv     CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
> vvv     Dereferencing null pointer "nor->controller_ops".
> 967     	return nor->controller_ops->write_reg(nor, nor->erase_opcode,
> 968     					      nor->bouncebuf, nor->addr_width);
> 969     }
> 970
> 971     /**
> 972      * spi_nor_div_by_erase_size() - calculate remainder and update new dividend
> 
> If this is a false positive, please let us know so we can mark it as
> such, or teach the Coverity rules to be smarter. If not, please make
> sure fixes get into linux-next. :) For patches fixing this, please
> include:

It's a false positive, but the bug report helped us improve the code. I received
similar report with smatch, see the discussion here:
https://www.spinics.net/lists/linux-mtd/msg09701.html


Cheers,
ta
> 
> Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> Addresses-Coverity-ID: 1487363 ("Null pointer dereferences")
> Fixes: 453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")
> 
> 
> Thanks for your attention!
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Coverity: spi_nor_erase_sector(): Null pointer dereferences
  2019-10-29  5:59 ` Tudor.Ambarus
@ 2019-10-29 16:05   ` Kees Cook
  0 siblings, 0 replies; 3+ messages in thread
From: Kees Cook @ 2019-10-29 16:05 UTC (permalink / raw)
  To: Tudor.Ambarus; +Cc: boris.brezillon, gustavo, linux-next

On Tue, Oct 29, 2019 at 05:59:04AM +0000, Tudor.Ambarus@microchip.com wrote:
> Hi. Thanks for the report!
> 
> On 10/29/2019 01:05 AM, coverity-bot wrote:
> > External E-Mail
> > 
> > 
> > Hello!
> > 
> > This is an experimental automated report about issues detected by Coverity
> > from a scan of next-20191025 as part of the linux-next weekly scan project:
> > https://scan.coverity.com/projects/linux-next-weekly-scan
> > 
> > You're getting this email because you were associated with the identified
> > lines of code (noted below) that were touched by recent commits:
> > 
> > 453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")
> > 
> > Coverity reported the following:
> > 
> > *** CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
> > /drivers/mtd/spi-nor/spi-nor.c: 967 in spi_nor_erase_sector()
> > 961     	 */
> > 962     	for (i = nor->addr_width - 1; i >= 0; i--) {
> > 963     		nor->bouncebuf[i] = addr & 0xff;
> > 964     		addr >>= 8;
> > 965     	}
> > 966
> > vvv     CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
> > vvv     Dereferencing null pointer "nor->controller_ops".
> > 967     	return nor->controller_ops->write_reg(nor, nor->erase_opcode,
> > 968     					      nor->bouncebuf, nor->addr_width);
> > 969     }
> > 970
> > 971     /**
> > 972      * spi_nor_div_by_erase_size() - calculate remainder and update new dividend
> > 
> > If this is a false positive, please let us know so we can mark it as
> > such, or teach the Coverity rules to be smarter. If not, please make
> > sure fixes get into linux-next. :) For patches fixing this, please
> > include:
> 
> It's a false positive, but the bug report helped us improve the code. I received
> similar report with smatch, see the discussion here:
> https://www.spinics.net/lists/linux-mtd/msg09701.html

Okay, great! The Coverity scan tends to be a little behind, so apologies
for the duplicate report. :) Thanks for checking!

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-28 23:05 Coverity: spi_nor_erase_sector(): Null pointer dereferences coverity-bot
2019-10-29  5:59 ` Tudor.Ambarus
2019-10-29 16:05   ` Kees Cook

Linux-Next Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-next/0 linux-next/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-next linux-next/ https://lore.kernel.org/linux-next \
		linux-next@vger.kernel.org
	public-inbox-index linux-next

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-next


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git