public inbox for kernel-janitors@vger.kernel.org
* [PATCH 1/5] drivers/staging/rtl8712/rtl871x_mlme.c: eliminate a null pointer dereference
@ 2011-10-28 23:58 Julia Lawall
  2011-10-29  1:05 ` [PATCH 1/5] drivers/staging/rtl8712/rtl871x_mlme.c: eliminate Larry Finger
  0 siblings, 1 reply; 3+ messages in thread
From: Julia Lawall @ 2011-10-28 23:58 UTC (permalink / raw)
  To: Larry Finger
  Cc: kernel-janitors, Florian Schilhabel, Greg Kroah-Hartman, devel,
	linux-kernel

From: Julia Lawall <julia@diku.dk>

If ibss_wlan is NULL, it is not correct to memcpy into its field.

The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@r@
expression E, E1;
identifier f;
statement S1,S2,S3;
@@

if (E == NULL)
{
  ... when != if (E == NULL || ...) S1 else S2
      when != E = E1
*E->f
  ... when any
  return ...;
}
else S3
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>

---
I have no idea whether this is the correct fix.

 drivers/staging/rtl8712/rtl871x_mlme.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/rtl8712/rtl871x_mlme.c b/drivers/staging/rtl8712/rtl871x_mlme.c
index ef8eb6c..4277d03 100644
--- a/drivers/staging/rtl8712/rtl871x_mlme.c
+++ b/drivers/staging/rtl8712/rtl871x_mlme.c
@@ -551,7 +551,7 @@ void r8712_survey_event_callback(struct _adapter *adapter, u8 *pbuf)
 			ibss_wlan = r8712_find_network(
 						&pmlmepriv->scanned_queue,
 						pnetwork->MacAddress);
-			if (!ibss_wlan) {
+			if (ibss_wlan) {
 				memcpy(ibss_wlan->network.IEs,
 					pnetwork->IEs, 8);
 				goto exit;
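Review bot: inverting the test removes the dereference, but it also changes which case takes the memcpy-plus-goto-exit path. With `if (ibss_wlan) {`, every network that r8712_find_network() already has in scanned_queue now gets 8 bytes of its IEs overwritten and skips the rest of the handler, while a network that is not found falls through, where before it would have oopsed. Because the original branch could never complete without faulting, neither the early exit for known networks nor the copy has ever actually run; worth checking the remainder of r8712_survey_event_callback() (not in the hunk) to confirm that a found network should exit here at all, rather than keeping the original test and dropping the memcpy().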



* Re: [PATCH 1/5] drivers/staging/rtl8712/rtl871x_mlme.c: eliminate
  2011-10-28 23:58 [PATCH 1/5] drivers/staging/rtl8712/rtl871x_mlme.c: eliminate a null pointer dereference Julia Lawall
@ 2011-10-29  1:05 ` Larry Finger
  2011-10-29  6:20   ` [PATCH 1/5] drivers/staging/rtl8712/rtl871x_mlme.c: eliminate a Dan Carpenter
  0 siblings, 1 reply; 3+ messages in thread
From: Larry Finger @ 2011-10-29  1:05 UTC (permalink / raw)
  To: Julia Lawall
  Cc: kernel-janitors, Florian Schilhabel, Greg Kroah-Hartman, devel,
	linux-kernel

On 10/28/2011 06:58 PM, Julia Lawall wrote:
> From: Julia Lawall <julia@diku.dk>
>
> If ibss_wlan is NULL, it is not correct to memcpy into its field.
>
> The semantic match that finds this problem is as follows:
> (http://coccinelle.lip6.fr/)
>
> // <smpl>
> @r@
> expression E, E1;
> identifier f;
> statement S1,S2,S3;
> @@
>
> if (E == NULL)
> {
>    ... when != if (E == NULL || ...) S1 else S2
>        when != E = E1
> *E->f
>    ... when any
>    return ...;
> }
> else S3
> // </smpl>
>
> Signed-off-by: Julia Lawall <julia@diku.dk>
>
> ---
> I have no idea whether this is the correct fix.

I believe it is. It probably does not matter as I have never hit an oops at this 
location.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
>
>   drivers/staging/rtl8712/rtl871x_mlme.c |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/rtl8712/rtl871x_mlme.c b/drivers/staging/rtl8712/rtl871x_mlme.c
> index ef8eb6c..4277d03 100644
> --- a/drivers/staging/rtl8712/rtl871x_mlme.c
> +++ b/drivers/staging/rtl8712/rtl871x_mlme.c
> @@ -551,7 +551,7 @@ void r8712_survey_event_callback(struct _adapter *adapter, u8 *pbuf)
>   			ibss_wlan = r8712_find_network(
>   						&pmlmepriv->scanned_queue,
>   						pnetwork->MacAddress);
> -			if (!ibss_wlan) {
> +			if (ibss_wlan) {
>   				memcpy(ibss_wlan->network.IEs,
>   					pnetwork->IEs, 8);
>   				goto exit;
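Review bot: the memcpy() of 8 bytes into ibss_wlan->network.IEs is exercised for the first time by this change, since the branch it sits in could not previously be reached without a NULL dereference, and nothing in the hunk shows the size of either IEs buffer. Given that no oops has been seen at this location, the ack would be stronger with a scan result that actually matches an entry in scanned_queue, so the newly live copy and the `goto exit` path get run at least once before merge.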
>
>



* Re: [PATCH 1/5] drivers/staging/rtl8712/rtl871x_mlme.c: eliminate a
  2011-10-29  1:05 ` [PATCH 1/5] drivers/staging/rtl8712/rtl871x_mlme.c: eliminate Larry Finger
@ 2011-10-29  6:20   ` Dan Carpenter
  0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2011-10-29  6:20 UTC (permalink / raw)
  To: Larry Finger
  Cc: Julia Lawall, kernel-janitors, Florian Schilhabel,
	Greg Kroah-Hartman, devel, linux-kernel

On Fri, Oct 28, 2011 at 08:05:52PM -0500, Larry Finger wrote:
> I believe it is. It probably does not matter as I have never hit an
> oops at this location.
> 

You would only hit an Oops if you used a zero mac address for
pnetwork->MacAddress.

Julia's patch is turning on some code that was never tested to make
it the common case.  So it will be easy to see if it works or not
when it gets merged.  ;P  To me it could go either way (the test is
reversed, or the memcpy() could be removed).

regards,
dan carpenter


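Added example (C), not code from the rtl8712 driver or from anyone in this thread: it models the control flow that the hunk changes, and the unknown-MAC case Dan describes, with a stand-in scanned list. find_network(), the struct layouts, the 6-byte MAC and 12-byte IE buffer, the constructed scan results and the three path codes are all hypothetical; the only thing taken from the patch is the shape of the two branches. Running it shows that the original branch could only ever be entered with a MAC that the list does not contain, where it would fault, while the patched branch copies 8 bytes into the matching entry and exits early for every known network.

```c
/*
 * Added example, not code from the rtl8712 driver or from this thread. It
 * models only the control flow around r8712_find_network() in
 * r8712_survey_event_callback() with a stand-in scanned list, so the original
 * `if (!ibss_wlan)` and the patched `if (ibss_wlan)` can be run side by side
 * without a real NULL dereference. All names and sizes are hypothetical.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 6
#define IE_LEN  12

struct wlan_network {
	uint8_t mac[MAC_LEN];
	uint8_t ies[IE_LEN];
};

struct scanned_queue {
	struct wlan_network entries[4];
	size_t n;
};

enum survey_path {
	PATH_NULL_DEREF  = 1,	/* original code: memcpy() through a NULL pointer */
	PATH_MEMCPY_EXIT = 2,	/* copied 8 IE bytes into the known entry, then exit */
	PATH_FALLTHROUGH = 3,	/* continued with the rest of the survey handler */
};

/* Stand-in for r8712_find_network(): NULL when no scanned entry has this MAC. */
struct wlan_network *find_network(struct scanned_queue *q, const uint8_t *mac)
{
	for (size_t i = 0; i < q->n; i++)
		if (memcmp(q->entries[i].mac, mac, MAC_LEN) == 0)
			return &q->entries[i];
	return NULL;
}

/* Before the patch: the dereference sits inside the !ibss_wlan branch. */
enum survey_path survey_before_patch(struct scanned_queue *q, const struct wlan_network *pnet)
{
	struct wlan_network *ibss_wlan = find_network(q, pnet->mac);
	if (!ibss_wlan) {
		/* The driver did memcpy(ibss_wlan->network.IEs, ...) here: a fault. */
		return PATH_NULL_DEREF;
	}
	return PATH_FALLTHROUGH;
}

/* After the patch: copy into the scanned entry only when one was found. */
enum survey_path survey_after_patch(struct scanned_queue *q, const struct wlan_network *pnet)
{
	struct wlan_network *ibss_wlan = find_network(q, pnet->mac);
	if (ibss_wlan) {
		memcpy(ibss_wlan->ies, pnet->ies, 8);
		return PATH_MEMCPY_EXIT;
	}
	return PATH_FALLTHROUGH;
}

/* Constructed scanned list: two known MACs, IE buffers filled with 0xaa. */
struct scanned_queue make_queue(void)
{
	struct scanned_queue q = { .n = 2, .entries = {
		{ .mac = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 } },
		{ .mac = { 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb } } } };

	memset(q.entries[0].ies, 0xaa, IE_LEN);
	memset(q.entries[1].ies, 0xaa, IE_LEN);
	return q;
}

/* Constructed survey results: one MAC already in the list, one all-zero MAC. */
static const struct wlan_network known_result = {
	.mac = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 },
	.ies = { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c },
};
static const struct wlan_network zero_mac_result = { { 0 }, { 0 } };

/* Runs both versions on both inputs; returns 1 when the behaviour matches the
 * thread's description (fault only for the unknown MAC, 8-byte copy only when found). */
int check_patch_behaviour(void)
{
	struct scanned_queue q = make_queue();

	if (survey_before_patch(&q, &known_result) != PATH_FALLTHROUGH) return 0;
	if (survey_before_patch(&q, &zero_mac_result) != PATH_NULL_DEREF) return 0;
	if (survey_after_patch(&q, &zero_mac_result) != PATH_FALLTHROUGH) return 0;
	if (survey_after_patch(&q, &known_result) != PATH_MEMCPY_EXIT) return 0;
	/* Only the first 8 IE bytes of the matching entry were overwritten. */
	if (q.entries[0].ies[0] != 0x5c || q.entries[0].ies[7] != 0x5c) return 0;
	if (q.entries[0].ies[8] != 0xaa || q.entries[1].ies[0] != 0xaa) return 0;
	return 1;
}

int main(void)
{
	printf("behaviour matches the thread's description: %s\n",
	       check_patch_behaviour() ? "yes" : "no");
	return 0;
}
```

Compile with any C99 compiler and run; the check also confirms that the copy touches only the 8 bytes the hunk names, leaving the rest of the matching entry and every other entry untouched.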
