[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <m3o6qotrxi.fsf@t19.piap.pl>
Date: Fri, 03 Oct 2025 08:34:01 +0200
From: Krzysztof Hałasa <khalasa@...p.pl>
To: Kriish Sharma <kriish.sharma2006@...il.com>
Cc: khc@...waw.pl, andrew+netdev@...n.ch, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/net/wan/hdlc_ppp: fix potential null pointer in
ppp_cp_event logging
Hi Kriish,
Kriish Sharma <kriish.sharma2006@...il.com> writes:
> Fixes warnings observed during compilation with -Wformat-overflow:
>
> drivers/net/wan/hdlc_ppp.c: In function ‘ppp_cp_event’:
> drivers/net/wan/hdlc_ppp.c:353:17: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
> 353 | netdev_info(dev, "%s down\n", proto_name(pid));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/wan/hdlc_ppp.c:342:17: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
> 342 | netdev_info(dev, "%s up\n", proto_name(pid));
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It appears proto_name(pid) never returns NULL there. Despite actually
saying "return NULL", that's right :-)
Perhaps you should change it to return "LCP" by default instead, and
not only on PID_LCP? It should silence the compiler.
This ppp_cp_event() is called in a few places:
- ppp_cp_parse_cr()
- ppp_rx()
- ppp_timer() (with a known protocol, though)
- and others, with PID_LCP.
Now, before printing proto_name(pid), ppp_cp_event() does
proto = get_proto(pid), and dereferences it :-)
The pid seems to always come from ppp_rx(). Fortunately it's checked
at start, and it case of an unknown proto it goes straight to rx_error.
--
Krzysztof "Chris" Hałasa
Sieć Badawcza Łukasiewicz
Przemysłowy Instytut Automatyki i Pomiarów PIAP
Al. Jerozolimskie 202, 02-486 Warszawa
Powered by blists - more mailing lists