2014-12-14 22:33:52

by Rickard Strandqvist

Subject: [PATCH] staging: lustre: lustre: obdclass: lprocfs_status.c: Fix for possible null pointer dereference

There is otherwise a risk of a possible null pointer dereference.

Was largely found by using a static code analysis program called cppcheck.

Signed-off-by: Rickard Strandqvist <[email protected]>
---
.../lustre/lustre/obdclass/lprocfs_status.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c b/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
index 61e04af..4a7891a 100644
--- a/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
+++ b/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
@@ -1897,17 +1897,15 @@ int lprocfs_write_frac_u64_helper(const char *buffer, unsigned long count,
}

units = 1;
- switch (*end) {
- case 'p': case 'P':
- units <<= 10;
- case 't': case 'T':
- units <<= 10;
- case 'g': case 'G':
- units <<= 10;
- case 'm': case 'M':
- units <<= 10;
- case 'k': case 'K':
- units <<= 10;
+ if (end) {
+ switch (*end) {
+ case 'p': case 'P':
+ case 't': case 'T':
+ case 'g': case 'G':
+ case 'm': case 'M':
+ case 'k': case 'K':
+ units <<= 10;
+ }
}
/* Specified units override the multiplier */
if (units)
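Review bot: Collapsing the case labels in the added switch changes the multiplier for every suffix except 'k'/'K'. The removed code relied on fall-through between the cases, so 'p' shifted units five times (1 << 50), 't' four times, 'g' three, 'm' two and 'k' once; with a single `units <<= 10` after all the labels, every suffix now yields 1 << 10. If the aim is only to guard the dereference, keep the original cascade of `units <<= 10` lines as it was and wrap the whole switch in `if (end) { ... }`, ideally with a fall-through comment on each case so the intent is explicit to readers and to static analysers.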
--
1.7.10.4


2014-12-14 22:40:04

by Greg Kroah-Hartman

Subject: Re: [PATCH] staging: lustre: lustre: obdclass: lprocfs_status.c: Fix for possible null pointer dereference

On Sun, Dec 14, 2014 at 11:36:22PM +0100, Rickard Strandqvist wrote:
> There is otherwise a risk of a possible null pointer dereference.
>
> Was largely found by using a static code analysis program called cppcheck.
>
> Signed-off-by: Rickard Strandqvist <[email protected]>
> ---
> .../lustre/lustre/obdclass/lprocfs_status.c | 20 +++++++++-----------
> 1 file changed, 9 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c b/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
> index 61e04af..4a7891a 100644
> --- a/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
> +++ b/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
> @@ -1897,17 +1897,15 @@ int lprocfs_write_frac_u64_helper(const char *buffer, unsigned long count,
> }
>
> units = 1;
> - switch (*end) {
> - case 'p': case 'P':
> - units <<= 10;
> - case 't': case 'T':
> - units <<= 10;
> - case 'g': case 'G':
> - units <<= 10;
> - case 'm': case 'M':
> - units <<= 10;
> - case 'k': case 'K':
> - units <<= 10;
> + if (end) {
> + switch (*end) {
> + case 'p': case 'P':
> + case 't': case 'T':
> + case 'g': case 'G':
> + case 'm': case 'M':
> + case 'k': case 'K':
> + units <<= 10;
> + }
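Review bot: The `if (end)` guard is justified only by "possible null pointer dereference" in the changelog, and nothing in this hunk shows a path on which `end` is NULL when `switch (*end)` is reached. The commit message should name the assignment of `end` that cppcheck flagged and state what the function is meant to do in that case, since with the guard false `units` simply stays at 1 and parsing continues as if no suffix had been given.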

You know you just changed the logic in the code, right?

Why? Have you tested this?

greg k-h

2014-12-14 22:43:52

by Rickard Strandqvist

Subject: Re: [PATCH] staging: lustre: lustre: obdclass: lprocfs_status.c: Fix for possible null pointer dereference

Sorry! extremely stupid. Sending new patch immediately.

Kind regards
Rickard Strandqvist


2014-12-14 23:39 GMT+01:00 Greg Kroah-Hartman <[email protected]>:
> On Sun, Dec 14, 2014 at 11:36:22PM +0100, Rickard Strandqvist wrote:
>> There is otherwise a risk of a possible null pointer dereference.
>>
>> Was largely found by using a static code analysis program called cppcheck.
>>
>> Signed-off-by: Rickard Strandqvist <[email protected]>
>> ---
>> .../lustre/lustre/obdclass/lprocfs_status.c | 20 +++++++++-----------
>> 1 file changed, 9 insertions(+), 11 deletions(-)
>>
>> diff --git a/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c b/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
>> index 61e04af..4a7891a 100644
>> --- a/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
>> +++ b/drivers/staging/lustre/lustre/obdclass/lprocfs_status.c
>> @@ -1897,17 +1897,15 @@ int lprocfs_write_frac_u64_helper(const char *buffer, unsigned long count,
>> }
>>
>> units = 1;
>> - switch (*end) {
>> - case 'p': case 'P':
>> - units <<= 10;
>> - case 't': case 'T':
>> - units <<= 10;
>> - case 'g': case 'G':
>> - units <<= 10;
>> - case 'm': case 'M':
>> - units <<= 10;
>> - case 'k': case 'K':
>> - units <<= 10;
>> + if (end) {
>> + switch (*end) {
>> + case 'p': case 'P':
>> + case 't': case 'T':
>> + case 'g': case 'G':
>> + case 'm': case 'M':
>> + case 'k': case 'K':
>> + units <<= 10;
>> + }
>
> You know you just changed the logic in the code, right?
>
> Why? Have you tested this?
>
> greg k-h