| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <37e54bb8-25db-6f93-4b54-7a10f1eb49c4@gmail.com>
Date: Sat, 31 Jul 2021 11:43:20 +0800
From: Li Tuo <islituo@...il.com>
To: paolo.valente@...aro.org, axboe@...nel.dk
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
baijiaju1990@...il.com
Subject: [BUG] bfq-iosched: possible null-pointer dereference in
__bfq_insert_request()
Hello,
Our static analysis tool finds a possible null-pointer dereference in
bfq-iosched.c in Linux 5.14.0-rc3:
The variable bfqq is checked in:
5920: waiting = bfqq && bfq_bfqq_wait_request(bfqq);
This indicates that bfqq can be NULL.
But the address of its field fifo, which is an illegal pointer, is
dereferenced in the function list_add_tail():
5925: list_add_tail(&rq->queuelist, &bfqq->fifo);
The pointer bfqq is also dereferenced in the function bfq_rq_enqueued()
which is called at line 5927.
Some dereference operations are:
5826: bfqq->meta_pending++;
5828: bfqq->last_request_pos = blk_rq_pos(rq) + blk_rq_sectors(rq);
I am not quite sure whether this possible null-pointer dereference is
real and how to fix it if it is real.
Any feedback would be appreciated, thanks!
Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
Best wishes,
Tuo Li
Powered by blists - more mailing lists