| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Apr 2022 10:21:29 -0600
From: Shuah Khan <skhan@...uxfoundation.org>
To: "Colin King (gmail)" <colin.i.king@...il.com>,
Fenghua Yu <fenghua.yu@...el.com>,
Reinette Chatre <reinette.chatre@...el.com>,
Shuah Khan <shuah@...nel.org>, Babu Moger <babu.moger@....com>,
Sai Praneeth Prakhya <sai.praneeth.prakhya@...el.com>,
linux-kselftest@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org,
Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [PATCH] selftests/resctrl: Fix null pointer dereference on open
failed
On 4/25/22 10:06 AM, Colin King (gmail) wrote:
> On 25/04/2022 16:51, Shuah Khan wrote:
>> On 4/24/22 3:15 PM, Colin Ian King wrote:
>>> Currently if opening /dev/null fails to open then file pointer fp
>>> is null and further access to fp via fprintf will cause a null
>>> pointer dereference. Fix this by returning a negative error value
>>> when a null fp is detected.
>>>
>>
>> How did you find this problem and how can it be reproduced? Is there
>> a case where test fails to open "/dev/null"?
>
> Found with static analysis, cppcheck. Open on /dev/null is unlikely to fail, but it's good to fail reliably rather than have a SIGSEGV :-)
>
I don't see how /dev/null open could fail here in this test.
However, I will take this fix. Please add information how
you found it and include the cppheck log in the commit log
and send me v2.
thanks,
-- Shuah
Powered by blists - more mailing lists