| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <81a99dd1-0ef6-9bd0-31c0-b0934023746b@opensource.wdc.com> Date: Tue, 26 Oct 2021 13:09:41 +0900 From: Damien Le Moal <damien.lemoal@...nsource.wdc.com> To: Chengfeng Ye <cyeaa@...nect.ust.hk> Cc: linux-kernel@...r.kernel.org Subject: Re: [PATCH] driver/ata: fix potential null pointer dereference on pointer last_sge On 2021/10/25 22:13, Chengfeng Ye wrote: > The pointer cs_desc could be null if the loop is not > executed, so there is a potential NULL-PTR dereference > issue. Fix this by adding a null check before dereference. > > Signed-off-by: Chengfeng Ye <cyeaa@...nect.ust.hk> > --- > drivers/ata/sata_sil24.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/ata/sata_sil24.c b/drivers/ata/sata_sil24.c > index 06a1e27c4f84..2bd595da799f 100644 > --- a/drivers/ata/sata_sil24.c > +++ b/drivers/ata/sata_sil24.c > @@ -785,6 +785,8 @@ static inline void sil24_fill_sg(struct ata_queued_cmd *qc, > sge++; > } > > + if (!last_sge) > + return; > last_sge->flags = cpu_to_le32(SGE_TRM); > } I do not think that this fix is necessary: sil24_fill_sg() is called only if the qc has ATA_QCFLAG_DMAMAP set (see sil24_qc_prep()) and that in turn is only set if ata_sg_setup() sees at least one sg entry. So the loop in sil24_fill_sg() will always be executed for qc marked with ATA_QCFLAG_DMAMAP and so last_sg cannot be NULL. -- Damien Le Moal Western Digital Research
Powered by blists - more mailing lists