From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Carpenter Subject: Re: [PATCH] e1000: avoid null pointer dereference on invalid stat type Date: Fri, 22 Sep 2017 14:50:38 +0300 Message-ID: <20170922115038.ckvl6zsmadrqiige@mwanda> References: <20170921220158.19341-1-colin.king@canonical.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Jeff Kirsher , intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org To: Colin King Return-path: Content-Disposition: inline In-Reply-To: <20170921220158.19341-1-colin.king@canonical.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Thu, Sep 21, 2017 at 11:01:58PM +0100, Colin King wrote: > @@ -1837,12 +1838,13 @@ static void e1000_get_ethtool_stats(struct net_device *netdev, > p = (char *)adapter + stat->stat_offset; > break; > default: > + p = NULL; > WARN_ONCE(1, "Invalid E1000 stat type: %u index %d\n", > stat->type, i); > break; > } > > - if (stat->sizeof_stat == sizeof(u64)) > + if (p && stat->sizeof_stat == sizeof(u64)) > data[i] = *(u64 *)p; > else > data[i] = *(u32 *)p; ^^^^^^^^ The else side will still crash. regards, dan carpenter