| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170516112837.Horde.ri3T1l55zoI08Pf29kOpXn4@gator4166.hostgator.com>
Date: Tue, 16 May 2017 11:28:37 -0500
From: "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To: Felipe Balbi <balbi@...nel.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Michal Nazarewicz <mina86@...a86.com>,
linux-geode@...ts.infradead.org, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org,
Peter Senna Tschudin <peter.senna@...il.com>
Subject: Re: [usb-gadget-udc] question about null check after calling
phys_to_virt() function
Hi Felipe,
Quoting Felipe Balbi <balbi@...nel.org>:
> Hi,
>
> "Gustavo A. R. Silva" <garsilva@...eddedor.com> writes:
>> Hello everybody,
>>
>> While looking into Coverity ID 145958 I ran into the following piece
>> of code at drivers/usb/gadget/udc/amd5536udc.c:852:
>>
>> } else if (i == buf_len) {
>> /* first td */
>> td = (struct udc_data_dma *)phys_to_virt(
>> req->td_data->next);
>> td->status = 0;
>> } else {
>> td = (struct udc_data_dma *)phys_to_virt(last->next);
>> td->status = 0;
>> }
>>
>> if (td)
>> td->bufptr = req->req.dma + i; /* assign buffer */
>> else
>> break;
>>
>> The issue here is that _td_ pointer is being dereferenced before null check.
>>
>> After searching for calls to phys_to_virt() function, I've noticed
>> that is not common at all to test the returned address value.
>>
>> So either the null check at line 862 is not needed or a null check
>> before each td->status = 0; needs to be added.
>
> just remove the previous null check
>
I get it.
Thanks!
--
Gustavo A. R. Silva
Powered by blists - more mailing lists