* Potentially invalid memory accesses drivers/message/fusion/mptbase.c
@ 2017-07-20 23:28 Shaobo
From: Shaobo @ 2017-07-20 23:28 UTC
To: DL-MPTFusionLinux, MPT-FusionLinux.pdl, linux-scsi; +Cc: kashyap.desai
Hi there,

My name is Shaobo He and I am a graduate student at University of Utah.
I am using a static analysis tool to search for null pointer
dereferences and came across a couple of potentially invalid memory
accesses in the file drivers/message/fusion/mptbase.c: in function
`mpt_turbo_reply`, variable `mf` is initialized to NULL. If the case
`MPI_CONTEXT_REPLY_TYPE_SCSI_TARGET` is taken, then `mf` is not updated
to a non-NULL value and then may get dereferenced in function
`mpt_free_msg_frame`. However, there are a couple of conditions that can
make the error path infeasible. I was wondering if you could confirm
this.

Please let me know if it makes sense. I am looking forward to your
reply.

Best,
Shaobo
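
A minimal model of the pattern described in the report above, added here as an example and not taken from mptbase.c or from either poster. All names are hypothetical, and the rule that a nonzero callback return triggers the free is an assumption standing in for the conditions the report says can make the path infeasible; the unguarded helper returns NULL_DEREF at the point where real code would fault.

```c
#include <stddef.h>
/* Constructed model: every name here is hypothetical, not the driver's. */
enum reply_type { REPLY_SCSI_INIT, REPLY_SCSI_TARGET };
enum outcome { FRAME_KEPT, FRAME_FREED, NULL_DEREF, NULL_SKIPPED };

struct frame { int in_use; };
static struct frame pool[4];

/* Assumed callback contract in this model: nonzero means "caller frees mf". */
typedef int (*reply_cb)(struct frame *mf, void *reply);
static int cb_keep(struct frame *mf, void *reply) { (void)mf; (void)reply; return 0; }
static int cb_free(struct frame *mf, void *reply) { (void)mf; (void)reply; return 1; }

/* Release helper. Unguarded, it would write through mf; the model reports
 * NULL_DEREF at the point where real code would fault. */
static enum outcome release_frame(struct frame *mf, int guarded)
{
    if (mf == NULL)
        return guarded ? NULL_SKIPPED : NULL_DEREF;
    mf->in_use = 0;
    return FRAME_FREED;
}

/* Same shape as the report: mf starts NULL and only one case assigns it. */
static enum outcome handle_reply(enum reply_type type, unsigned idx,
                                 reply_cb cb, int guarded)
{
    struct frame *mf = NULL;
    int reply_buf = 0;          /* stands in for the reply frame */
    void *mr = NULL;
    switch (type) {
    case REPLY_SCSI_INIT:
        mf = &pool[idx % 4];
        mf->in_use = 1;
        break;
    case REPLY_SCSI_TARGET:
        mr = &reply_buf;        /* mf is left NULL on this path */
        break;
    }
    if (cb(mf, mr))
        return release_frame(mf, guarded);
    return FRAME_KEPT;
}

int main(void)
{
    /* Unguarded target path with a "free it" callback reaches the NULL. */
    return handle_reply(REPLY_SCSI_TARGET, 0, cb_free, 0) == NULL_DEREF ? 0 : 1;
}
```

In this model the NULL only reaches the release helper when the target-path callback asks for a free, which is the kind of path condition a static analyzer cannot always rule out; the guarded variant is safe regardless of what the callback returns.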
* Re: Potentially invalid memory accesses drivers/message/fusion/mptbase.c
@ 2017-07-20 23:53 ` Bart Van Assche
From: Bart Van Assche @ 2017-07-20 23:53 UTC
To: linux-scsi@vger.kernel.org, DL-MPTFusionLinux@lsi.com,
shaobo@cs.utah.edu, MPT-FusionLinux.pdl@broadcom.com
Cc: kashyap.desai@lsi.com
On Thu, 2017-07-20 at 17:28 -0600, Shaobo wrote:
> My name is Shaobo He and I am a graduate student at University of Utah.
> I am using a static analysis tool to search for null pointer
> dereferences and came across a couple of potentially invalid memory
> accesses in the file drivers/message/fusion/mptbase.c: in function
> `mpt_turbo_reply`, variable `mf` is initialized to NULL. If the case
> `MPI_CONTEXT_REPLY_TYPE_SCSI_TARGET` is taken, then `mf` is not updated
> to a non-NULL value and then may get dereferenced in function
> `mpt_free_msg_frame`. However, there are a couple of conditions that can
> make the error path infeasible. I was wondering if you could confirm
> this.

Hello Shaobo,

Which static analysis tool are you using? Is it less or more powerful than
Coverity? If it is not more powerful, are you aware that a full Coverity
scan of the Linux kernel source code is already available at
https://scan.coverity.com/projects/linux? The issue you reported was first
detected by Coverity on February 24th, 2006 (more than ten years ago). In
the aforementioned database Coverity assigned ID 100124 to that issue.

Bart.