From: Amit Shah <amit@infradead.org>
To: YE Chengfeng <cyeaa@connect.ust.hk>,
"amit@kernel.org" <amit@kernel.org>,
"arnd@arndb.de" <arnd@arndb.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: drivers/char: suspected null-pointer dereference problem in handle_control_message
Date: Tue, 26 Oct 2021 12:29:31 +0200
Message-ID: <a61be974ef65d00fd22b0216fc0d85c0c226f5e9.camel@infradead.org>
In-Reply-To: <TYCP286MB11884B1010AF8C77F1BBDAF08A849@TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM>
On Tue, 2021-10-26 at 06:17 +0000, YE Chengfeng wrote:
> Hi,
>
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1657
>
> Our experimental static analysis tool detects a suspected null-pointer-dereference problem. We manually checked it, but it still could be a false positive because we are not familiar with the code. We report this to you just in case.
>
> We notice that in some branches of the switch case at line #1582, the pointer port is null checked. But the null check is missing at line #1657 and line #1633. It seems like a suspected null-pointer dereference. Would you like to spare some time to have a look at it?
For this NULL deref to happen, the host will have to send a port_name
command before a port_add command. Worrying about that isn't
worthwhile. If you'd like to add a generic `if (unlikely(!port))`
after line 1579 there, that'd be fine as a hint to the static analysis
tools, though, so just for that reason, it might be worthwhile.
Amit
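
The ordering discussed in this message, as an added example that is not part of the original e-mail or of the virtio_console driver: a user-space C model in which a name command for a port id that was never added is dropped by one generic guard ahead of the switch. All names here (`handle_ctrl`, `find_port`, the `EV_*` and `CTRL_*` constants, the port table) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed event codes and types for this model, not the driver's own. */
enum { EV_PORT_ADD = 1, EV_PORT_REMOVE = 2, EV_PORT_NAME = 3 };
enum { CTRL_OK = 0, CTRL_DROPPED = -1 };
#define MAX_PORTS 4

struct port { uint32_t id; int in_use; char name[16]; };
static struct port ports[MAX_PORTS];

/* Returns NULL when no port with this id has been added yet. */
static struct port *find_port(uint32_t id)
{
    for (size_t i = 0; i < MAX_PORTS; i++)
        if (ports[i].in_use && ports[i].id == id)
            return &ports[i];
    return NULL;
}

/* Handle one control message; payload is only used by EV_PORT_NAME. */
int handle_ctrl(uint32_t id, int event, const char *payload)
{
    struct port *port = find_port(id);

    /* Generic guard before the switch: only PORT_ADD may name an unknown id. */
    if (!port && event != EV_PORT_ADD)
        return CTRL_DROPPED;

    switch (event) {
    case EV_PORT_ADD:
        if (port)
            return CTRL_DROPPED;          /* duplicate add */
        for (size_t i = 0; i < MAX_PORTS; i++) {
            if (!ports[i].in_use) {
                ports[i] = (struct port){ .id = id, .in_use = 1 };
                return CTRL_OK;
            }
        }
        return CTRL_DROPPED;              /* table full */
    case EV_PORT_NAME:                    /* port is non-NULL here */
        snprintf(port->name, sizeof(port->name), "%s", payload ? payload : "");
        return CTRL_OK;
    case EV_PORT_REMOVE:
        memset(port, 0, sizeof(*port));
        return CTRL_OK;
    default:
        return CTRL_DROPPED;
    }
}
```

With the guard in place, every case other than the add case can rely on `port` being non-NULL, which is the property a static analyzer needs to see on each path.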