Missing Null Pointer check in seq_open

Missing Null Pointer check in seq_open

[Rohit]

Hi,

I would like to report a missing NULL pointer check in the fs/seq_file.c APIs.

The seq_open(struct file *file, const struct seq_operations *op) function
does not check whether the second argument is NULL or not.

Other functions, such as seq_read_iter(), directly dereference seq_operations
pointers, possibly resulting in a kernel NULL pointer dereference.

ssize_t seq_read_iter(struct kiocb *iocb, struct iov_iter *iter)
{
struct seq_file *m = iocb->ki_filp->private_data;
....
....

p = m->op->start(m, &m->index);
....
}

Re: Missing Null Pointer check in seq_open

[Al Viro]

On Thu, Mar 05, 2026 at 03:27:08PM +0530, Rohit wrote:
> Hi,
> 
> I would like to report a missing NULL pointer check in the fs/seq_file.c APIs.
> 
> The seq_open(struct file *file, const struct seq_operations *op) function
> does not check whether the second argument is NULL or not.
> 
> Other functions, such as seq_read_iter(), directly dereference seq_operations
> pointers, possibly resulting in a kernel NULL pointer dereference.

It also does not verify that argument is not (void *)0x6969696969696969
and passing that would lead to massive clusterfuck in aforementioned
seq_read_iter().  Your point being...?

Should we check that caller is not passing BS values to arguments to functions
and if we should, where do we stop?

Why is NULL any different from e.g. ERR_PTR(-ENOMEM) in that respect?  Or from
any random invalid value, for that matter?