* [PATCH 0/2] delete null dereference
@ 2015-10-17 9:32 Julia Lawall
2015-10-17 9:32 ` [PATCH 1/2] NFC: " Julia Lawall
0 siblings, 1 reply; 4+ messages in thread
From: Julia Lawall @ 2015-10-17 9:32 UTC (permalink / raw)
To: netdev; +Cc: kernel-janitors, linux-wireless, linux-kernel, linux-media
These patches delete NULL dereferences, as detected by
scripts/coccinelle/null/deref_null.cocci.
---
drivers/media/pci/netup_unidvb/netup_unidvb_spi.c | 6 ++----
net/nfc/netlink.c | 6 ++----
2 files changed, 4 insertions(+), 8 deletions(-)
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] NFC: delete null dereference
2015-10-17 9:32 [PATCH 0/2] delete null dereference Julia Lawall
@ 2015-10-17 9:32 ` Julia Lawall
2015-10-19 12:57 ` Dan Carpenter
2015-10-20 4:50 ` Samuel Ortiz
0 siblings, 2 replies; 4+ messages in thread
From: Julia Lawall @ 2015-10-17 9:32 UTC (permalink / raw)
To: Lauro Ramos Venancio
Cc: kernel-janitors, Aloisio Almeida Jr, Samuel Ortiz,
David S. Miller, linux-wireless, netdev, linux-kernel
The exit label performs device_unlock(&dev->dev);, which will fail when dev
is NULL, and nfc_put_device(dev);, which is not useful when dev is NULL, so
just exit the function immediately.
Problem found using scripts/coccinelle/null/deref_null.cocci
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
---
net/nfc/netlink.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 853172c..f040532 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -1109,10 +1109,8 @@ static int nfc_genl_llc_sdreq(struct sk_buff *skb, struct genl_info *info)
idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
dev = nfc_get_device(idx);
- if (!dev) {
- rc = -ENODEV;
- goto exit;
- }
+ if (!dev)
+ return -ENODEV;
device_lock(&dev->dev);
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] NFC: delete null dereference
2015-10-17 9:32 ` [PATCH 1/2] NFC: " Julia Lawall
@ 2015-10-19 12:57 ` Dan Carpenter
2015-10-20 4:50 ` Samuel Ortiz
1 sibling, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2015-10-19 12:57 UTC (permalink / raw)
To: Julia Lawall
Cc: Lauro Ramos Venancio, kernel-janitors, Aloisio Almeida Jr,
Samuel Ortiz, David S. Miller, linux-wireless, netdev,
linux-kernel
The next goto after that is messed up as well:
1056 dev = nfc_get_device(idx);
1057 if (!dev)
1058 return -ENODEV;
1059
1060 device_lock(&dev->dev);
1061
1062 local = nfc_llcp_find_local(dev);
1063 if (!local) {
1064 nfc_put_device(dev);
It should not call nfc_put_device() because that happens after goto
exit.
1065 rc = -ENODEV;
1066 goto exit;
1067 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] NFC: delete null dereference
2015-10-17 9:32 ` [PATCH 1/2] NFC: " Julia Lawall
2015-10-19 12:57 ` Dan Carpenter
@ 2015-10-20 4:50 ` Samuel Ortiz
1 sibling, 0 replies; 4+ messages in thread
From: Samuel Ortiz @ 2015-10-20 4:50 UTC (permalink / raw)
To: Julia Lawall
Cc: Lauro Ramos Venancio, kernel-janitors, Aloisio Almeida Jr,
David S. Miller, linux-wireless, netdev, linux-kernel
Hi Julia,
On Sat, Oct 17, 2015 at 11:32:19AM +0200, Julia Lawall wrote:
> The exit label performs device_unlock(&dev->dev);, which will fail when dev
> is NULL, and nfc_put_device(dev);, which is not useful when dev is NULL, so
> just exit the function immediately.
>
> Problem found using scripts/coccinelle/null/deref_null.cocci
>
> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
>
> ---
> net/nfc/netlink.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
Applied to nfc-next, thanks.
Cheers,
Samuel.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-10-20 4:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-17 9:32 [PATCH 0/2] delete null dereference Julia Lawall
2015-10-17 9:32 ` [PATCH 1/2] NFC: " Julia Lawall
2015-10-19 12:57 ` Dan Carpenter
2015-10-20 4:50 ` Samuel Ortiz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).