| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 May 2017 16:52:13 -0500
From: "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To: Paolo Valente <paolo.valente@...aro.org>,
Jens Axboe <axboe@...nel.dk>
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [block] question about potential null pointer dereference
Hello everybody,
While looking into Coverity ID 1408828 I ran into the following piece
of code at block/bfq-wf2q.c:542:
542static struct rb_node *bfq_find_deepest(struct rb_node *node)
543{
544 struct rb_node *deepest;
545
546 if (!node->rb_right && !node->rb_left)
547 deepest = rb_parent(node);
548 else if (!node->rb_right)
549 deepest = node->rb_left;
550 else if (!node->rb_left)
551 deepest = node->rb_right;
552 else {
553 deepest = rb_next(node);
554 if (deepest->rb_right)
555 deepest = deepest->rb_right;
556 else if (rb_parent(deepest) != node)
557 deepest = rb_parent(deepest);
558 }
559
560 return deepest;
561}
The issue here is that there is a potential NULL pointer dereference
at line 554, in case function rb_next() returns NULL.
Maybe a patch like the following could be applied in order to avoid
any chance of a NULL pointer dereference:
index 8726ede..28d8b90 100644
--- a/block/bfq-wf2q.c
+++ b/block/bfq-wf2q.c
@@ -551,6 +551,8 @@ static struct rb_node *bfq_find_deepest(struct
rb_node *node)
deepest = node->rb_right;
else {
deepest = rb_next(node);
+ if (!deepest)
+ return NULL;
if (deepest->rb_right)
deepest = deepest->rb_right;
else if (rb_parent(deepest) != node)
What do you think?
I'd really appreciate any comment on this.
Thank you!
--
Gustavo A. R. Silva
Powered by blists - more mailing lists