[Bug 220707] New: ESAS2R: missing a NULL check in esas2r_init_adapter

[Bug 220707] New: ESAS2R: missing a NULL check in esas2r_init_adapter

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=220707

            Bug ID: 220707
           Summary: ESAS2R: missing a NULL check in esas2r_init_adapter
           Product: SCSI Drivers
           Version: 2.5
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: low
          Priority: P3
         Component: Other
          Assignee: scsi_drivers-other@kernel-bugs.osdl.org
          Reporter: qiushi.wu@ibm.com
        Regression: No

In esas2r/esas2r_init.c, function esas2r_init_adapter() allocates a workqueue
using alloc_ordered_workqueue() but does not verify whether the allocation
succeeds. If the call fails and returns NULL, the returned pointer
a->fw_event_q remains unchecked, which could later lead to a NULL-pointer
dereference when the queue is used. This issue was found via static code
analysis. No specific runtime reproducer is available, but the missing check is
evident in the source logic.

Code: ```a->fw_event_q = alloc_ordered_workqueue("esas2r/%d", WQ_MEM_RECLAIM,
a->index);```

Also, at this allocation point, a->index is initialized to 0 (due to the
earlier memset(a, 0, ...)) and has not yet been assigned the adapter index. It
might be worth confirming whether a->index was intentionally used here for
naming or if the local index variable should be used instead.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.