From: bugzilla-daemon@bugzilla.kernel.org
To: linux-scsi@vger.kernel.org
Subject: [Bug 34522] New: Error-valued pointer overwrite in SCSI
Date: Wed, 4 May 2011 20:37:30 GMT [thread overview]
Message-ID: <bug-34522-11613@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=34522
Summary: Error-valued pointer overwrite in SCSI
Product: SCSI Drivers
Version: 2.5
Kernel Version: 2.6.38.3
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
AssignedTo: scsi_drivers-other@kernel-bugs.osdl.org
ReportedBy: crubio@cs.wisc.edu
Regression: No
We have statically analyzed SCSI, the VFS and the Memory Management module to
find error-valued pointers that are overwritten without first being checked for
errors. We have found one potential overwrite:
drivers/scsi/scsi_scan.c:639: overwriting potential non-tentative unchecked
error in variable "*bflags", which may contain one of the following error
codes: *EINVAL
Here is a sample trace that illustrates how the overwrite might occur:
include/linux/err.h:24: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:268:"cabs2cil_" receives an error from function
"ERR_PTR"
drivers/scsi/scsi_devinfo.c:268:"tmp___8" receives an error from "cabs2cil_"
drivers/scsi/scsi_devinfo.c:268:"tmp___8" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268:"tmp" receives an error from "tmp___8"
drivers/scsi/scsi_devinfo.c:268:"tmp" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268:"tmp___7" receives an error from "tmp"
drivers/scsi/scsi_devinfo.c:268:"tmp___7" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:477:"devinfo_table" receives an error from function
"scsi_devinfo_lookup_by_key"
drivers/scsi/scsi_devinfo.c:479:"devinfo_table" may have an unchecked error
drivers/scsi/scsi_devinfo.c:480:"devinfo_table" may have an unchecked error
include/linux/err.h:29: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:480:"cabs2cil____0" receives an error from function
"PTR_ERR"
drivers/scsi/scsi_devinfo.c:480:"tmp___19" receives an error from
"cabs2cil____0"
drivers/scsi/scsi_devinfo.c:480:"tmp___17" receives an error from "tmp___19"
drivers/scsi/scsi_devinfo.c:480:"tmp___7" receives an error from "tmp___17"
drivers/scsi/scsi_devinfo.c:480: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:451:"tmp___7" receives an error from function
"scsi_get_device_flags_keyed"
drivers/scsi/scsi_devinfo.c:451: an unchecked error may be returned
drivers/scsi/scsi_scan.c:639:"*bflags" receives an error from function
"scsi_get_device_flags"
drivers/scsi/scsi_scan.c:644:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:645:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:646:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:655:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:656:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:657:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:658:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:573:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:578:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:581:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:582:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:583:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:585:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:587:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:592:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:596:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:603:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:605:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:609:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:578:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:581:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:582:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:583:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:585:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:587:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:592:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:596:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:603:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:620:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:623:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:624:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:625:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:626:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:628:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:629:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:630:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:639:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:639: overwriting potential non-tentative unchecked
error in variable "*bflags"
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
next reply other threads:[~2011-05-04 20:37 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-04 20:37 bugzilla-daemon [this message]
2012-05-12 14:15 ` [Bug 34522] Error-valued pointer overwrite in SCSI bugzilla-daemon
2012-05-12 14:17 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-34522-11613@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox