From: Eugene Syromiatnikov <esyr@redhat.com>
To: linux-modules@vger.kernel.org
Subject: [PATCH kmod] libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string
Date: Tue, 13 Aug 2024 16:17:27 +0200
Message-ID: <20240813141727.GA23657@asgard.redhat.com>
Static analysis has reported a potential UB:
kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
# 123| size_t linesz = 0;
# 124|
# 125|-> while (!nullp) {
# 126| char buf[BUFSIZ];
# 127| ssize_t sz;
It seems to be indeed a UB, as nullp is getting assigned an address
inside object buf, which has a lifetime of the while loop body,
and is not available outside of it (specifically, in the while
condition, where nullp is checked for NULL). Fix it by putting
buf definition in the outer block.
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fd0f54923a48..40a7d6142d03 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
char **line, size_t *size)
{
int sv_errno;
+ char buf[BUFSIZ];
char *nullp = NULL;
size_t linesz = 0;
while (!nullp) {
- char buf[BUFSIZ];
ssize_t sz;
size_t partsz;
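Review bot: the relocated `char buf[BUFSIZ];` at the top of get_string() carries no comment saying why it has to live at function scope, so a later cleanup that narrows it back into the `while (!nullp)` body would silently reintroduce the dangling pointer. Suggest a one-line comment on the declaration noting that nullp points into buf and is tested in the loop condition. Alternatively, drive the loop with a boolean "terminator found" flag so that no pointer into buf is evaluated outside the body.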
--
2.28.0
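The lifetime rule the commit message relies on, shown as an added example that is not part of the patch or of kmod: a constructed chunked reader in which nullp points into buf and is tested in the loop condition, so buf has to be declared at function scope. The names read_cstring, CHUNK and SAMPLE are hypothetical, and the sample bytes are constructed.

```c
/* Added illustration, not kmod code; names and sample data are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CHUNK 8 /* small on purpose, so one string spans several reads */
/* Constructed input: two strings back to back, then an unterminated tail. */
static const char SAMPLE[] = "kernel/fs/ext4\0crc32\0tail";

/* Copy the NUL-terminated string at `offset` into a malloc'd *out. Returns the
 * offset just past the terminator, or -1 (*out untouched) on error or no NUL. */
static long read_cstring(FILE *fp, long offset, char **out)
{
    char buf[CHUNK];    /* function scope: alive wherever nullp is used */
    char *nullp = NULL; /* points INTO buf once the terminator is found */
    char *line = NULL, *tmp;
    size_t linesz = 0, sz, partsz;
    if (fseek(fp, offset, SEEK_SET) != 0)
        return -1;
    while (!nullp) { /* condition runs outside the body's braces */
        /* A buf declared here would die at the closing brace, so the
         * condition above would then inspect a dangling pointer. */
        sz = fread(buf, 1, sizeof(buf), fp);
        tmp = sz ? realloc(line, linesz + sz) : NULL;
        if (!tmp) { /* EOF, read error or allocation failure */
            free(line);
            return -1;
        }
        line = tmp;
        nullp = memchr(buf, '\0', sz);
        partsz = nullp ? (size_t)(nullp - buf) + 1 : sz;
        memcpy(line + linesz, buf, partsz);
        linesz += partsz;
    }
    *out = line;
    return offset + (long)linesz;
}

int main(void)
{
    char *s = NULL;
    FILE *fp = tmpfile();
    if (!fp || fwrite(SAMPLE, 1, sizeof(SAMPLE) - 1, fp) != sizeof(SAMPLE) - 1)
        return 1;
    if (read_cstring(fp, 0, &s) < 0)
        return 1;
    puts(s);
    free(s);
    return 0;
}
```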