lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 25 Jul 2019 17:49:44 +0800
From:   Jia-Ju Bai <baijiaju1990@...il.com>
To:     jaegeuk@...nel.org, yuchao0@...wei.com
Cc:     linux-f2fs-devel@...ts.sourceforge.net,
        linux-kernel@...r.kernel.org
Subject: [BUG] fs: f2fs: Possible null-pointer dereferences in
 update_general_status()

In update_general_status(), there are two if statements to
check whether SM_I(sbi) is NULL:
LINE 70:     if (SM_I(sbi) && SM_I(sbi)->fcc_info)
LINE 78:     if (SM_I(sbi) && SM_I(sbi)->dcc_info)

When SM_I(sbi) is NULL, it is used at some places, such as:
LINE 88: reserved_segments(sbi)
                   return SM_I(sbi)->reserved_segments;
LINE 89: overprovision_segments(sbi)
                   return SM_I(sbi)->ovp_segments;
LINE 112: MAIN_SEGS(sbi)
                     (SM_I(sbi)->main_segments)

Thus, possible null-pointer dereferences may occur.

These bugs are found by a static analysis tool STCheck written by us.

I do not know how to correctly fix these bugs, so I only report them.


Best wishes,
Jia-Ju Bai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ