* [Bug 34522] New: Error-valued pointer overwrite in SCSI
@ 2011-05-04 20:37 bugzilla-daemon
2012-05-12 14:15 ` [Bug 34522] " bugzilla-daemon
2012-05-12 14:17 ` bugzilla-daemon
0 siblings, 2 replies; 3+ messages in thread
From: bugzilla-daemon @ 2011-05-04 20:37 UTC (permalink / raw)
To: linux-scsi
https://bugzilla.kernel.org/show_bug.cgi?id=34522
Summary: Error-valued pointer overwrite in SCSI
Product: SCSI Drivers
Version: 2.5
Kernel Version: 2.6.38.3
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
AssignedTo: scsi_drivers-other@kernel-bugs.osdl.org
ReportedBy: crubio@cs.wisc.edu
Regression: No
We have statically analyzed SCSI, the VFS and the Memory Management module to
find error-valued pointers that are overwritten without first being checked for
errors. We have found one potential overwrite:
drivers/scsi/scsi_scan.c:639: overwriting potential non-tentative unchecked
error in variable "*bflags", which may contain one of the following error
codes: *EINVAL
Here is a sample trace that illustrates how the overwrite might occur:
include/linux/err.h:24: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:268:"cabs2cil_" receives an error from function
"ERR_PTR"
drivers/scsi/scsi_devinfo.c:268:"tmp___8" receives an error from "cabs2cil_"
drivers/scsi/scsi_devinfo.c:268:"tmp___8" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268:"tmp" receives an error from "tmp___8"
drivers/scsi/scsi_devinfo.c:268:"tmp" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268:"tmp___7" receives an error from "tmp"
drivers/scsi/scsi_devinfo.c:268:"tmp___7" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:477:"devinfo_table" receives an error from function
"scsi_devinfo_lookup_by_key"
drivers/scsi/scsi_devinfo.c:479:"devinfo_table" may have an unchecked error
drivers/scsi/scsi_devinfo.c:480:"devinfo_table" may have an unchecked error
include/linux/err.h:29: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:480:"cabs2cil____0" receives an error from function
"PTR_ERR"
drivers/scsi/scsi_devinfo.c:480:"tmp___19" receives an error from
"cabs2cil____0"
drivers/scsi/scsi_devinfo.c:480:"tmp___17" receives an error from "tmp___19"
drivers/scsi/scsi_devinfo.c:480:"tmp___7" receives an error from "tmp___17"
drivers/scsi/scsi_devinfo.c:480: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:451:"tmp___7" receives an error from function
"scsi_get_device_flags_keyed"
drivers/scsi/scsi_devinfo.c:451: an unchecked error may be returned
drivers/scsi/scsi_scan.c:639:"*bflags" receives an error from function
"scsi_get_device_flags"
drivers/scsi/scsi_scan.c:644:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:645:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:646:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:655:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:656:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:657:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:658:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:573:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:578:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:581:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:582:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:583:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:585:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:587:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:592:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:596:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:603:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:605:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:609:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:578:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:581:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:582:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:583:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:585:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:587:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:592:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:596:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:603:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:620:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:623:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:624:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:625:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:626:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:628:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:629:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:630:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:639:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:639: overwriting potential non-tentative unchecked
error in variable "*bflags"
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 34522] Error-valued pointer overwrite in SCSI
2011-05-04 20:37 [Bug 34522] New: Error-valued pointer overwrite in SCSI bugzilla-daemon
@ 2012-05-12 14:15 ` bugzilla-daemon
2012-05-12 14:17 ` bugzilla-daemon
1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2012-05-12 14:15 UTC (permalink / raw)
To: linux-scsi
https://bugzilla.kernel.org/show_bug.cgi?id=34522
Alan <alan@lxorguk.ukuu.org.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |alan@lxorguk.ukuu.org.uk
Resolution| |CODE_FIX
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 34522] Error-valued pointer overwrite in SCSI
2011-05-04 20:37 [Bug 34522] New: Error-valued pointer overwrite in SCSI bugzilla-daemon
2012-05-12 14:15 ` [Bug 34522] " bugzilla-daemon
@ 2012-05-12 14:17 ` bugzilla-daemon
1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2012-05-12 14:17 UTC (permalink / raw)
To: linux-scsi
https://bugzilla.kernel.org/show_bug.cgi?id=34522
Alan <alan@lxorguk.ukuu.org.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-05-12 14:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-05-04 20:37 [Bug 34522] New: Error-valued pointer overwrite in SCSI bugzilla-daemon
2012-05-12 14:15 ` [Bug 34522] " bugzilla-daemon
2012-05-12 14:17 ` bugzilla-daemon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).