Coverity: spi_nor_erase_sector(): Null pointer dereferences

Coverity: spi_nor_erase_sector(): Null pointer dereferences

[coverity-bot]

Hello!

This is an experimental automated report about issues detected by Coverity
from a scan of next-20191025 as part of the linux-next weekly scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by recent commits:

453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")

Coverity reported the following:

*** CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
/drivers/mtd/spi-nor/spi-nor.c: 967 in spi_nor_erase_sector()
961     	 */
962     	for (i = nor->addr_width - 1; i >= 0; i--) {
963     		nor->bouncebuf[i] = addr & 0xff;
964     		addr >>= 8;
965     	}
966
vvv     CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
vvv     Dereferencing null pointer "nor->controller_ops".
967     	return nor->controller_ops->write_reg(nor, nor->erase_opcode,
968     					      nor->bouncebuf, nor->addr_width);
969     }
970
971     /**
972      * spi_nor_div_by_erase_size() - calculate remainder and update new dividend

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include:

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487363 ("Null pointer dereferences")
Fixes: 453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")


Thanks for your attention!

-- 
Coverity-bot

Re: Coverity: spi_nor_erase_sector(): Null pointer dereferences

[Tudor.Ambarus]

Hi. Thanks for the report!

On 10/29/2019 01:05 AM, coverity-bot wrote:
> External E-Mail
> 
> 
> Hello!
> 
> This is an experimental automated report about issues detected by Coverity
> from a scan of next-20191025 as part of the linux-next weekly scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
> 
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by recent commits:
> 
> 453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")
> 
> Coverity reported the following:
> 
> *** CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
> /drivers/mtd/spi-nor/spi-nor.c: 967 in spi_nor_erase_sector()
> 961     	 */
> 962     	for (i = nor->addr_width - 1; i >= 0; i--) {
> 963     		nor->bouncebuf[i] = addr & 0xff;
> 964     		addr >>= 8;
> 965     	}
> 966
> vvv     CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
> vvv     Dereferencing null pointer "nor->controller_ops".
> 967     	return nor->controller_ops->write_reg(nor, nor->erase_opcode,
> 968     					      nor->bouncebuf, nor->addr_width);
> 969     }
> 970
> 971     /**
> 972      * spi_nor_div_by_erase_size() - calculate remainder and update new dividend
> 
> If this is a false positive, please let us know so we can mark it as
> such, or teach the Coverity rules to be smarter. If not, please make
> sure fixes get into linux-next. :) For patches fixing this, please
> include:

It's a false positive, but the bug report helped us improve the code. I received
similar report with smatch, see the discussion here:
https://www.spinics.net/lists/linux-mtd/msg09701.html


Cheers,
ta
> 
> Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> Addresses-Coverity-ID: 1487363 ("Null pointer dereferences")
> Fixes: 453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")
> 
> 
> Thanks for your attention!
> 

Re: Coverity: spi_nor_erase_sector(): Null pointer dereferences

[Kees Cook]

On Tue, Oct 29, 2019 at 05:59:04AM +0000, Tudor.Ambarus@microchip.com wrote:
> Hi. Thanks for the report!
> 
> On 10/29/2019 01:05 AM, coverity-bot wrote:
> > External E-Mail
> > 
> > 
> > Hello!
> > 
> > This is an experimental automated report about issues detected by Coverity
> > from a scan of next-20191025 as part of the linux-next weekly scan project:
> > https://scan.coverity.com/projects/linux-next-weekly-scan
> > 
> > You're getting this email because you were associated with the identified
> > lines of code (noted below) that were touched by recent commits:
> > 
> > 453977875364 ("mtd: spi-nor: Introduce 'struct spi_nor_controller_ops'")
> > 
> > Coverity reported the following:
> > 
> > *** CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
> > /drivers/mtd/spi-nor/spi-nor.c: 967 in spi_nor_erase_sector()
> > 961     	 */
> > 962     	for (i = nor->addr_width - 1; i >= 0; i--) {
> > 963     		nor->bouncebuf[i] = addr & 0xff;
> > 964     		addr >>= 8;
> > 965     	}
> > 966
> > vvv     CID 1487363:  Null pointer dereferences  (FORWARD_NULL)
> > vvv     Dereferencing null pointer "nor->controller_ops".
> > 967     	return nor->controller_ops->write_reg(nor, nor->erase_opcode,
> > 968     					      nor->bouncebuf, nor->addr_width);
> > 969     }
> > 970
> > 971     /**
> > 972      * spi_nor_div_by_erase_size() - calculate remainder and update new dividend
> > 
> > If this is a false positive, please let us know so we can mark it as
> > such, or teach the Coverity rules to be smarter. If not, please make
> > sure fixes get into linux-next. :) For patches fixing this, please
> > include:
> 
> It's a false positive, but the bug report helped us improve the code. I received
> similar report with smatch, see the discussion here:
> https://www.spinics.net/lists/linux-mtd/msg09701.html

Okay, great! The Coverity scan tends to be a little behind, so apologies
for the duplicate report. :) Thanks for checking!

-- 
Kees Cook