lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <YFx03qbeGbgBShkQ@kroah.com>
Date:   Thu, 25 Mar 2021 12:32:46 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Jian Dong <dj0227@....com>
Cc:     devel@...verdev.osuosl.org, elder@...nel.org, vireshk@...nel.org,
        johan@...nel.org, linux-kernel@...r.kernel.org,
        greybus-dev@...ts.linaro.org, Jian Dong <dongjian@...ong.com>
Subject: Re: [PATCH]  staging: greybus: fix fw is NULL but dereferenced

On Thu, Mar 25, 2021 at 07:03:39PM +0800, Jian Dong wrote:
> On Thu, 25 Mar 2021 11:29:06 +0100
> Greg KH <gregkh@...uxfoundation.org> wrote:
> 
> > On Thu, Mar 25, 2021 at 06:19:26PM +0800, Jian Dong wrote:
> > > From: Jian Dong <dongjian@...ong.com>
> > > 
> > >  fixes coccicheck Error:
> > > 
> > >  drivers/staging/greybus/bootrom.c:301:41-45: ERROR:
> > >  fw is NULL but dereferenced.
> > > 
> > >  if procedure goto label directly, ret will be nefative, so the fw
> > > is NULL and the if(condition) end with dereferenced fw. let's fix
> > > it.  
> > 
> > Why is this all indented a space?
> this maybe caused by my terminal, I will take notice next time.
> > 
> > > 
> > > Signed-off-by: Jian Dong <dongjian@...ong.com>
> > > ---
> > >  drivers/staging/greybus/bootrom.c | 8 ++++----
> > >  1 file changed, 4 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/drivers/staging/greybus/bootrom.c
> > > b/drivers/staging/greybus/bootrom.c index a8efb86..0439efa 100644
> > > --- a/drivers/staging/greybus/bootrom.c
> > > +++ b/drivers/staging/greybus/bootrom.c
> > > @@ -246,7 +246,7 @@ static int gb_bootrom_get_firmware(struct
> > > gb_operation *op) struct gb_bootrom_get_firmware_response
> > > *firmware_response; struct device *dev =
> > > &op->connection->bundle->dev; unsigned int offset, size;
> > > -	enum next_request_type next_request;
> > > +	enum next_request_type next_request =
> > > NEXT_REQ_GET_FIRMWARE; int ret = 0;
> > >  
> > >  	/* Disable timeouts */
> > > @@ -298,10 +298,10 @@ static int gb_bootrom_get_firmware(struct
> > > gb_operation *op) 
> > >  queue_work:
> > >  	/* Refresh timeout */
> > > -	if (!ret && (offset + size == fw->size))
> > > -		next_request = NEXT_REQ_READY_TO_BOOT;
> > > -	else
> > > +	if (!!ret)  
> > 
> > That is hard to understand, please make this more obvious.
> > 
> if (A && B) else (!A || !B)
> 
> So, when ret is NON-ZERO, set next_request as GET_FIRMWARE, else set
> READ_TO_BOOT. but if second express is flase, next_request still
> need be set as GET_FIRMWARE, So, I initialze it as GET_FIRMWARE.

My point is:
	if (!!ret)
is odd, and is the same thing as:
	if (ret)
correct?

And the latter is the common kernel style, no need to be complex when
you do not need to.

Anyway, others have pointed out why this is incorrect, no need for
further discussion.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ