* [PATCH net v2] fddi: skfp: fix null pointer deferenece in smt.c
@ 2025-05-07 20:37 Siddarth Gundu
2025-05-09 2:27 ` Jakub Kicinski
0 siblings, 1 reply; 2+ messages in thread
From: Siddarth Gundu @ 2025-05-07 20:37 UTC (permalink / raw)
To: andrew+netdev, davem, edumazet, kuba, pabeni
Cc: netdev, linux-kernel, skhan, Siddarth Gundu
In smt_string_swap(), when a closing bracket ']' is encountered
before any opening bracket '[' open_paren would be NULL,
and assigning it to format would lead to a null pointer being
dereferenced in the format++ statement.
Add a check to verify open_paren is non-NULL before assigning
it to format
This issue was reported by Coverity Scan.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Siddarth Gundu <siddarthsgml@gmail.com>
---
v2:
- fix commit message
- Add mention of Coverity Scan
- Update Fixes tag to reference initial commit
v1: https://lore.kernel.org/all/20250505091025.27368-1-siddarthsgml@gmail.com/
drivers/net/fddi/skfp/smt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/fddi/skfp/smt.c b/drivers/net/fddi/skfp/smt.c
index dd15af4e98c2..174f279b89ac 100644
--- a/drivers/net/fddi/skfp/smt.c
+++ b/drivers/net/fddi/skfp/smt.c
@@ -1857,7 +1857,8 @@ static void smt_string_swap(char *data, const char *format, int len)
open_paren = format ;
break ;
case ']' :
- format = open_paren ;
+ if (open_paren)
+ format = open_paren ;
break ;
case '1' :
case '2' :
--
2.43.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net v2] fddi: skfp: fix null pointer deferenece in smt.c
2025-05-07 20:37 [PATCH net v2] fddi: skfp: fix null pointer deferenece in smt.c Siddarth Gundu
@ 2025-05-09 2:27 ` Jakub Kicinski
0 siblings, 0 replies; 2+ messages in thread
From: Jakub Kicinski @ 2025-05-09 2:27 UTC (permalink / raw)
To: Siddarth Gundu
Cc: andrew+netdev, davem, edumazet, pabeni, netdev, linux-kernel,
skhan
On Thu, 8 May 2025 02:07:06 +0530 Siddarth Gundu wrote:
> In smt_string_swap(), when a closing bracket ']' is encountered
> before any opening bracket '[' open_paren would be NULL,
> and assigning it to format would lead to a null pointer being
> dereferenced in the format++ statement.
>
> Add a check to verify open_paren is non-NULL before assigning
> it to format
You'd have to explain where an invalid format could come from.
As far as I can tell they are all hardcoded (grep for SWAP_SMT)
--
pw-bot: cr
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-05-09 2:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-07 20:37 [PATCH net v2] fddi: skfp: fix null pointer deferenece in smt.c Siddarth Gundu
2025-05-09 2:27 ` Jakub Kicinski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).