lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Mon, 25 Oct 2021 08:24:33 +0900
From:   Damien Le Moal <damien.lemoal@...nsource.wdc.com>
To:     YE Chengfeng <cyeaa@...nect.ust.hk>
Cc:     "linux-ide@...r.kernel.org" <linux-ide@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: Potential null-pointer-dereference problem due to missing
 null-checking for ata_timing_find_mode

On 2021/10/25 3:08, YE Chengfeng wrote:
> Hi,
> 
> I found that the function *ata_timing_find_mode *could return a null pointer in
> some situattions, but some call sites of this function don't check whether the
> return value is a null pointer. Could it be a potential null-pointer-dereference
> problem? 
> https://github.com/torvalds/linux/blob/master/drivers/ata/pata_acpi.c#L145
> <https://github.com/torvalds/linux/blob/master/drivers/ata/pata_acpi.c#L145>
> <https://github.com/torvalds/linux/blob/master/drivers/ata/pata_acpi.c#L145>
> 	
> linux/pata_acpi.c at master · torvalds/linux
> <https://github.com/torvalds/linux/blob/master/drivers/ata/pata_acpi.c#L145>
> Linux kernel source tree. Contribute to torvalds/linux development by creating
> an account on GitHub.
> github.com
> 
> 
> 
> Best Regards,
> - Chengfeng

The ata_timing array last element is 0xff, which is the initial value of pio/dma
mode. So an entry will always be returned. I do not think the NULL return ever
triggers.

-- 
Damien Le Moal
Western Digital Research

Powered by blists - more mailing lists