Hi,
https://github.com/torvalds/linux/blob/master/drivers/bus/hisi_lpc.c#L483
Our experimental static analysis tool detects a null-ptr-reference problem. It could be a false positive; we report this to you just in case.
A null check is missing for the return pointer of ACPI_COMPANION at line 483 and line 504. It seems that there could be a potential null-ptr-dereference problem at line 488 and line 509. Could you spare some time to have a look at it?
Thanks so much,
Chengfeng
On Tue, 2021-10-26 at 06:17 +0000, YE Chengfeng wrote:
> Hi,
>
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1657
>
> Our experimental static analysis tool detects a suspected null-pointer-dereference problem. We manually checked it, but it still could be a false positive because we are not familiar with the code. We report this to you just in case.
>
> We notice that in some branches of the switch case at line #1582, the pointer port is null checked. But a null check is missing at line #1657 and line #1633. It seems like a suspected null-pointer dereference pointer. Would you like to spare some time to have a look at it?
For this NULL deref to happen, the host will have to send a port_name
command before a port_add command. Worrying about that isn't
worthwhile. If you'd like to add a generic `if (unlikely(!port))`
after line 1579 there, that'd be fine as a hint to the static analysis
tools, though, so just for that reason, it might be worthwhile.
Amit
Thanks for your reply.
Agree with you, seems that the branch at #line 1573 already handles this situation.
Another question, is it possible that port->name is null when show_port_name is invoked? I don't see any null-check there, could it be a null-dereference problem at #line 1282? Link is below.
https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1282
Best Regards.
Chengfeng
-----Original Message-----
From: Amit Shah <[email protected]>
Sent: October 26, 2021 18:30
To: YE Chengfeng <[email protected]>; [email protected]; [email protected]; [email protected]
Subject: Re: drivers/char: suspected null-pointer dereference problem in handle_control_message
On Tue, 2021-10-26 at 06:17 +0000, YE Chengfeng wrote:
> Hi,
>
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1657
>
> Our experimental static analysis tool detects a suspected null-pointer-dereference problem. We manually checked it, but it still could be a false positive because we are not familiar with the code. We report this to you just in case.
>
> We notice that in some branches of the switch case at line #1582, the pointer port is null checked. But a null check is missing at line #1657 and line #1633. It seems like a suspected null-pointer dereference pointer. Would you like to spare some time to have a look at it?
For this NULL deref to happen, the host will have to send a port_name command before a port_add command. Worrying about that isn't worthwhile. If you'd like to add a generic `if (unlikely(!port))` after line 1579 there, that'd be fine as a hint to the static analysis tools, though, so just for that reason, it might be worthwhile.
Amit
On Tue, 2021-10-26 at 11:51 +0000, YE Chengfeng wrote:
> Thanks for your reply.
>
> Agree with you, seems that the branch at #line 1573 already handles this situation.
>
> Another question, is it possible that port->name is null when show_port_name is invoked? I don't see any null-check there, could it be a null-dereference problem at #line 1282? Link is below.
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1282
Why don't you try it?
It's certainly possible that a port doesn't have a name.
If it's possible as said, maybe it should be fixed?
Do you need my help to send a patch?
-----Original Message-----
From: Amit Shah <[email protected]>
Sent: October 28, 2021 19:55
To: YE Chengfeng <[email protected]>; [email protected]; [email protected]; [email protected]
Subject: Re: Re: drivers/char: suspected null-pointer dereference problem in handle_control_message
On Tue, 2021-10-26 at 11:51 +0000, YE Chengfeng wrote:
> Thanks for your reply.
>
> Agree with you, seems that the branch at #line 1573 already handles this situation.
>
> Another question, is it possible that port->name is null when show_port_name is invoked? I don't see any null-check there, could it be a null-dereference problem at #line 1282? Link is below.
> https://github.com/torvalds/linux/blob/master/drivers/char/virtio_console.c#L1282
Why don't you try it?
It's certainly possible that a port doesn't have a name.
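
The two situations discussed in this thread, as an added user-space model that is not code from virtio_console.c or from anyone in the thread: a name message arriving for a port that was never added, and a port that has no name when its name is shown. Every identifier below is hypothetical; the single guard before the switch is the shape of the generic check suggested above.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical model; names and layout are assumptions, not the driver's. */
enum ctrl_event { EV_PORT_ADD, EV_PORT_NAME };
struct port { int in_use; unsigned id; const char *name; };
#define NPORTS 4
static struct port ports[NPORTS];

struct port *find_port(unsigned id)
{
    for (int i = 0; i < NPORTS; i++)
        if (ports[i].in_use && ports[i].id == id)
            return &ports[i];
    return NULL;                 /* unknown id: every caller must check */
}

int handle_control_message(enum ctrl_event ev, unsigned id, const char *payload)
{
    struct port *port = find_port(id);

    /* One guard up front: only ADD may legitimately see a missing port. */
    if (!port && ev != EV_PORT_ADD)
        return -ENODEV;

    switch (ev) {
    case EV_PORT_ADD:
        if (port)
            return -EEXIST;
        for (int i = 0; i < NPORTS; i++)
            if (!ports[i].in_use) {
                ports[i] = (struct port){ .in_use = 1, .id = id, .name = NULL };
                return 0;
            }
        return -ENOSPC;
    case EV_PORT_NAME:
        port->name = payload;    /* model only: borrows the caller's string */
        return 0;
    }
    return -EINVAL;
}

int show_port_name(unsigned id, char *buf, size_t len)
{
    const struct port *port = find_port(id);
    if (!port)
        return -ENODEV;
    /* A port may exist without a name; passing NULL to %s is undefined in ISO C. */
    return snprintf(buf, len, "%s\n", port->name ? port->name : "");
}
```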