| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190724030430.27788-1-baijiaju1990@gmail.com>
Date: Wed, 24 Jul 2019 11:04:30 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: axboe@...nel.dk
Cc: linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] ata: libata-core: Fix possible null-pointer dereferences in ata_host_alloc_pinfo()
In ata_host_alloc_pinfo(), when ppi[j] is NULL (line 6184), pi is NULL.
In this case, pi is used on lines 6187-6195:
ap->pio_mask = pi->pio_mask;
ap->mwdma_mask = pi->mwdma_mask;
...
Thus, possible null-pointer dereferences may occur.
To fix these possible bugs, when ppi[j] is NULL, the loop continues, and
"j++" is moved to the loop's regulator.
These bugs are found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
drivers/ata/libata-core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index 28c492be0a57..dabfa50dfbbe 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -6178,11 +6178,13 @@ struct ata_host *ata_host_alloc_pinfo(struct device *dev,
if (!host)
return NULL;
- for (i = 0, j = 0, pi = NULL; i < host->n_ports; i++) {
+ for (i = 0, j = 0, pi = NULL; i < host->n_ports; i++, j++) {
struct ata_port *ap = host->ports[i];
if (ppi[j])
- pi = ppi[j++];
+ pi = ppi[j];
+ else
+ continue;
ap->pio_mask = pi->pio_mask;
ap->mwdma_mask = pi->mwdma_mask;
--
2.17.0
Powered by blists - more mailing lists