lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGG=3QVa6BgdtRknf3zY3tkguC1=FcMvNvz3fM8Ngywp0g_aRg@mail.gmail.com>
Date: Fri, 23 May 2025 17:35:23 -0700
From: Bill Wendling <morbo@...gle.com>
To: Randy Dunlap <rdunlap@...radead.org>
Cc: Masahiro Yamada <masahiroy@...nel.org>, 
	Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] kconfig: check for a NULL pointer before access

On Fri, May 23, 2025 at 4:48 PM Randy Dunlap <rdunlap@...radead.org> wrote:
> On 5/23/25 3:56 PM, Bill Wendling wrote:
> > On Thu, May 22, 2025 at 5:16 PM Randy Dunlap <rdunlap@...radead.org> wrote:
> >>
> >> Hi,
> >>
> >> On 5/22/25 5:07 PM, Bill Wendling wrote:
> >>> The call to 'prop_get_symbol' may return NULL in some cases. The if-then
> >>> statement accesses the returned value without checking if it's
> >>> non-NULL. After inlining, the compiler may treat the conditional as
> >>> 'undefined behavior', which the compiler may take the opportunity to do
> >>> whatever it wants with the UB path. This patch simply adds a check to
> >>> ensure that 'def_sym' is non-NULL to avoid this behavior.
> >>>
> >>> Signed-off-by: Bill Wendling <morbo@...gle.com>
> >>> ---
> >>> Cc: Masahiro Yamada <masahiroy@...nel.org>
> >>> Cc: linux-kbuild@...r.kernel.org
> >>> Cc: linux-kernel@...r.kernel.org
> >>> ---
> >>>  scripts/kconfig/symbol.c | 2 +-
> >>>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>>
> >>> diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c
> >>> index d57f8cbba291..9c5068225328 100644
> >>> --- a/scripts/kconfig/symbol.c
> >>> +++ b/scripts/kconfig/symbol.c
> >>> @@ -272,7 +272,7 @@ struct symbol *sym_choice_default(struct menu *choice)
> >>>   if (prop->visible.tri == no)
> >>>   continue;
> >>>   def_sym = prop_get_symbol(prop);
> >>> - if (def_sym->visible != no)
> >>> + if (def_sym && def_sym->visible != no)
> >>>   return def_sym;
> >>>   }
> >>>
> >>
> >> The patch is missing the source file's indentation.
> >> (spaces/tabs are lost)
> >>
> > Crud! My mailer borked. I sent v2 and it looks to have kept the whitespaces.
>
> I don't think v2 worked either.
> See  https://lore.kernel.org/linux-kbuild/CAGG=3QXQkJ6n0J1gZcgxfEb68NWN2y200ZCuxxDtqPRgWPci=A@mail.gmail.com/T/#mf64c7afd19235d3dee4e572f96ff76936f921c6e
>
Goddamnit! I'll try again...

-bw

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ