lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1471815064.3746.29.camel@perches.com>
Date:   Sun, 21 Aug 2016 14:31:04 -0700
From:   Joe Perches <joe@...ches.com>
To:     Heinrich Schuchardt <xypron.debian@....de>,
        Heinrich Schuchardt <xypron.glpk@....de>,
        Alex Deucher <alexander.deucher@....com>,
        Christian König <christian.koenig@....com>
Cc:     David Airlie <airlied@...ux.ie>, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] drm/radeon: avoid NULL dereference,
 si_get_vce_clock_voltage

On Sun, 2016-08-21 at 23:20 +0200, Heinrich Schuchardt wrote:
> On 08/21/2016 11:06 PM, Joe Perches wrote:
> > On Sun, 2016-08-21 at 22:52 +0200, Heinrich Schuchardt wrote:
> > > 
> > > It does not make sense to check if table is NULL
> > > and afterwards to dereference it without
> > > considering the result.
> > This makes no sense.
> > > The inconsistency was indicated by cppcheck.
> > Perhaps this is a defect in cppcheck?
> > > An actual NULL pointer dereference was not observed.
> > []
> > > diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c
> > []
> > > @@ -2962,7 +2962,7 @@ static int si_get_vce_clock_voltage(struct radeon_device *rdev,
> > >  		&rdev->pm.dpm.dyn_state.vce_clock_voltage_dependency_table;
> > >  
> > >  	if (((evclk == 0) && (ecclk == 0)) ||
> > > -	    (table && (table->count == 0))) {
> > Here table is only dereferenced if table is non-null
> > > 
> > > +	    table == NULL || table->count == 0) {
> > >  		*voltage = 0;
> > >  		return 0;
> > >  	}
> > Perhaps the unnecessary parentheses can be reduce though.
> > 
> >  	if ((evclk == 0 && ecclk == 0) || (table && table->count == 0)) {
> > 
> The possible NULL pointer dereference would occur here:
> 
> 2970        for (i = 0; i < table->count; i++) {

This still doesn't make any sense as table is known non-null
at line 2961

	struct radeon_vce_clock_voltage_dependency_table *table =
		&rdev->pm.dpm.dyn_state.vce_clock_voltage_dependency_table;

So I now suggest simply removing the test for table.

Perhaps cppcheck can be improved to know about known non-null pointers.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ