From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dan Carpenter
Date: Mon, 22 Mar 2010 12:56:26 +0000
Subject: Re: [patch] afs: potential null dereference
Message-Id: <20100322125626.GM21571@bicker>
List-Id:
References: <20100320111938.GT5331@bicker> <28809.1269259520@redhat.com>
In-Reply-To: <28809.1269259520@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: David Howells
Cc: kernel-janitors@vger.kernel.org, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org

On Mon, Mar 22, 2010 at 12:05:20PM +0000, David Howells wrote:
> Dan Carpenter wrote:
>
> > It seems clear from the surrounding code that xpermits is allowed to be
> > NULL here.
>
> Interesting. The memcpy() won't oops due to this because if it is given a
> NULL pointer, it will also be given a zero count. I wonder if this means the
> if-statement your patch adds is actually unnecessary...
>

I was concerned about the dereference here:

+ if (xpermits) + memcpy(permits->permits, xpermits->permits, ^^^^^^^^^^^^^^^^^ + count * sizeof(struct afs_permit));

This code has been there for three years, so yeah, you would think if
it were a problem someone would have complained. My theory was "xpermits"
was almost always non-null.

regards,
dan carpenter

> David
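
Review bot: the `if (xpermits)` guard on the memcpy() call is worth keeping, but the hunk gives no hint of why a NULL xpermits is expected or that count is zero in that case, which is the invariant the thread relies on. The source argument `xpermits->permits` is formed from xpermits before memcpy() sees the length, so a zero count only makes this harmless if permits is an array member rather than a pointer that has to be loaded. Suggest a one-line comment above the check stating that xpermits may be NULL and that count is then 0, so the guard is not later removed as redundant.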