lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <TYCP286MB11881C0EDA01EB1882A3AB2D8A849@TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM>
Date:   Tue, 26 Oct 2021 12:25:26 +0000
From:   YE Chengfeng <cyeaa@...nect.ust.hk>
To:     John Garry <john.garry@...wei.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: 回复: 回复: driver/bug: suspected missing null check in hisi_lpc.c

Thanks for your reply.

You are right. I found that null-check is already performed in the caller of this two function. Sorry for the bothering.

Best Regards,
Chengfeng 

-----邮件原件-----
发件人: John Garry <john.garry@...wei.com> 
发送时间: 2021年10月26日 18:33
收件人: YE Chengfeng <cyeaa@...nect.ust.hk>; linux-kernel@...r.kernel.org
主题: Re: 回复: driver/bug: suspected missing null check in hisi_lpc.c

On 25/10/2021 16:31, YE Chengfeng wrote:
> It is driver/bus, sorry for the typo.
> 
> -----邮件原件-----
> 发件人: YE Chengfeng
> 发送时间: 2021年10月25日 23:22
> 收件人: linux-kernel@...r.kernel.org; john.garry@...wei.com
> 主题: driver/bug: suspected missing null check in hisi_lpc.c
> 
> Hi,
> 
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith
> ub.com%2Ftorvalds%2Flinux%2Fblob%2Fmaster%2Fdrivers%2Fbus%2Fhisi_lpc.c
> %23L483&amp;data=04%7C01%7Ccyeaa%40connect.ust.hk%7Cc26f0b4a52504737c2
> 7508d9986bf5ae%7C6c1d415239d044ca88d9b8d6ddca0708%7C1%7C0%7C6377084117
> 14447677%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL
> CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=lkx93QoK%2FN1ilG0u5il5l
> hVjUiAbVY6RX%2FuJh%2BBHmuI%3D&amp;reserved=0
> 
> Our experimental static analysis tool detects a null-ptr-reference problem. It could be false positive, we report this to you just in case.
> 
> Null check is missing for the return pointer of ACPI_COMPANION at line 483 and line 504. It seems that there could be potential null-ptr-dereference problem at line 488 and line 509. Could you spare some time to have a look at it?
> 
> Thanks so much,
> Chengfeng
> 

I don't think that we should have a problem as ACPI_COMPANION() should just not return NULL for us. But I can't give you a better reason than that without fully examining the ACPI code, which I'm not keen on...

Thanks,
John

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ