From mboxrd@z Thu Jan 1 00:00:00 1970 From: Joe Perches Subject: Re: [PATCH 1/1] tipc: check return value of nlmsg_new Date: Sun, 23 Apr 2017 01:16:05 -0700 Message-ID: <1492935365.30293.45.camel@perches.com> References: <1492931359-25004-1-git-send-email-bianpan2016@163.com> <1492931836.30293.43.camel@perches.com> <20170423080027.GA843@bp> Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Cc: Ying Xue , "David S. Miller" , netdev@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org To: PanBian Return-path: In-Reply-To: <20170423080027.GA843@bp> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Sun, 2017-04-23 at 16:00 +0800, PanBian wrote: > On Sun, Apr 23, 2017 at 12:17:16AM -0700, Joe Perches wrote: > > On Sun, 2017-04-23 at 15:09 +0800, Pan Bian wrote: > > > Function nlmsg_new() will return a NULL pointer if there is no enough > > > memory, and its return value should be checked before it is used. > > > However, in function tipc_nl_node_get_monitor(), the validation of the > > > return value of function nlmsg_new() is missed. This patch fixes the > > > bug. > > > > Hello. > > > > Thanks for the patches. > > > > Are you finding these via a tool or inspection? > > > > If a tool is being used, could you please describe it? > > > > Yes. I developed a tool to find this kind of bugs. > > The detecting idea is simple. In large systems like the Linux kernel, > most implementations are correct, and incorrect ones are rare. Based on > this observation, we take programs that have different implementations > with others as bugs. For example, in most cases, the return vlaue of > nlmsg_new() is validated and it will not be passed to genlmsg_reply() if > its value is NULL. However, in function tipc_nl_node_get_monitor(), the > validation is missing. The abnormal behavior leads us to believe that > there is a bug. Perhaps adding __must_check to some of the appropriate function declarations/prototypes would help avoid new future misuses.