From: Dominique Martinet
Date: Wed, 03 May 2023 16:49:26 +0900
Subject: [PATCH v2 2/5] 9p: virtio: fix unlikely null pointer deref in handle_rerror
Message-Id: <20230427-scan-build-v2-2-bb96a6e6a33b@codewreck.org>
References: <20230427-scan-build-v2-0-bb96a6e6a33b@codewreck.org>
In-Reply-To: <20230427-scan-build-v2-0-bb96a6e6a33b@codewreck.org>
To: Eric Van Hensbergen, Latchesar Ionkov, Christian Schoenebeck, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Simon Horman, v9fs@lists.linux.dev, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Dominique Martinet

handle_rerror can dereference the pages pointer, but it is not necessarily set for small payloads.
In practice these should be filtered out by the size check, but might as well double-check explicitly. This fixes the following scan-build warnings: net/9p/trans_virtio.c:401:24: warning: Dereference of null pointer [core.NullDereference] memcpy_from_page(to, *pages++, offs, n); ^~~~~~~~ net/9p/trans_virtio.c:406:23: warning: Dereference of null pointer (loaded from variable 'pages') [core.NullDereference] memcpy_from_page(to, *pages, offs, size); ^~~~~~ Reviewed-by: Simon Horman Signed-off-by: Dominique Martinet --- net/9p/trans_virtio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 3c27ffb781e3..2c9495ccda6b 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -384,7 +384,7 @@ static void handle_rerror(struct p9_req_t *req, int in_hdr_len, void *to = req->rc.sdata + in_hdr_len; // Fits entirely into the static data? Nothing to do. - if (req->rc.size < in_hdr_len) + if (req->rc.size < in_hdr_len || !pages) return; // Really long error message? Tough, truncate the reply. Might get -- 2.39.2
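Review bot: the comment above the changed condition in handle_rerror ("Fits entirely into the static data? Nothing to do.") now describes only half of the test, so the reason for the added `!pages` early return is not documented in the code. Either extend the comment to say that pages may be unset for small payloads, or give the NULL check its own `if` with its own comment. Also note that the return sits before the "truncate the reply" step, so if pages were ever NULL while req->rc.size >= in_hdr_len, the function would return with nothing copied past the header and req->rc.size unchanged. The commit message says the size check should filter that case in practice; if it is truly unexpected, making it visible (for example with a one-time warning) would be safer than returning silently.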