* [PATCH mtd-utils] ffsX-utils: Fix integer overflow in jffs2dump.c
@ 2024-12-14 13:34 Anton Moryakov
2024-12-16 1:21 ` Zhihao Cheng
0 siblings, 1 reply; 2+ messages in thread
From: Anton Moryakov @ 2024-12-14 13:34 UTC (permalink / raw)
To: chengzhihao1, linux-mtd; +Cc: Anton Moryakov
Report of the static analyzer:
Pointer 'path', returned from function 'xstrdup' at jffs2reader.c:690, may be NULL and is dereferenced at jffs2reader.c:692.
Corrections explained:
After calling xstrdup(p), a path == NULL check has been added. This prevents a possible NULL pointer dereference in the event of a memory allocation error.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
---
jffsX-utils/jffs2reader.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/jffsX-utils/jffs2reader.c b/jffsX-utils/jffs2reader.c
index 87a2167..f776466 100644
--- a/jffsX-utils/jffs2reader.c
+++ b/jffsX-utils/jffs2reader.c
@@ -694,6 +694,11 @@ static struct jffs2_raw_dirent *resolvepath0(char *o, size_t size, uint32_t ino,
pp = path = xstrdup(p);
+ if(path == NULL){
+ *inos = 0;
+ return NULL;
+ }
+
if (*path == '/') {
path++;
ino = 1;
--
2.30.2
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH mtd-utils] ffsX-utils: Fix integer overflow in jffs2dump.c
2024-12-14 13:34 [PATCH mtd-utils] ffsX-utils: Fix integer overflow in jffs2dump.c Anton Moryakov
@ 2024-12-16 1:21 ` Zhihao Cheng
0 siblings, 0 replies; 2+ messages in thread
From: Zhihao Cheng @ 2024-12-16 1:21 UTC (permalink / raw)
To: Anton Moryakov, linux-mtd
在 2024/12/14 21:34, Anton Moryakov 写道:
> Report of the static analyzer:
> Pointer 'path', returned from function 'xstrdup' at jffs2reader.c:690, may be NULL and is dereferenced at jffs2reader.c:692.
>
> Corrections explained:
> After calling xstrdup(p), a path == NULL check has been added. This prevents a possible NULL pointer dereference in the event of a memory allocation error.
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
>
> ---
> jffsX-utils/jffs2reader.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/jffsX-utils/jffs2reader.c b/jffsX-utils/jffs2reader.c
> index 87a2167..f776466 100644
> --- a/jffsX-utils/jffs2reader.c
> +++ b/jffsX-utils/jffs2reader.c
> @@ -694,6 +694,11 @@ static struct jffs2_raw_dirent *resolvepath0(char *o, size_t size, uint32_t ino,
>
> pp = path = xstrdup(p);
>
> + if(path == NULL){
> + *inos = 0;
> + return NULL;
> + }
> +
Hi Anton, please do some manual analysis before sending these patches
scanned by static analyzer. According to the realization of 'xstrdup()',
the program will exit if a failure memory allcation occurs.
> if (*path == '/') {
> path++;
> ino = 1;
>
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-12-16 1:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-14 13:34 [PATCH mtd-utils] ffsX-utils: Fix integer overflow in jffs2dump.c Anton Moryakov
2024-12-16 1:21 ` Zhihao Cheng
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox