Re: [PATCH] iphase: Adding a null pointer check
From: Alexey Khoroshilov
Date: Mon Jan 08 2024 - 12:40:21 EST
Proposal for subject:
atm: iphase: Move check for NULL before derefence in get_desc()
On 07.11.2023 15:36, Andrey Shumilin wrote:
> The pointer <dev->desc_tbl[i].iavcc> is dereferenced on line 195.
> Further in the code, it is checked for null on line 204.
> It is proposed to add a check before dereferencing the pointer.
Line numbers in commit messages are not welcome since they are subject
for change and a reader of the message likely has other code at that
lines in his version of the file.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Andrey Shumilin <shum.sdl@xxxxxxxx>
> ---
> drivers/atm/iphase.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c
> index 324148686953..596422fbfacc 100644
> --- a/drivers/atm/iphase.c
> +++ b/drivers/atm/iphase.c
> @@ -192,6 +192,11 @@ static u16 get_desc (IADEV *dev, struct ia_vcc *iavcc) {
> i++;
> continue;
> }
> + if (!(iavcc_r = dev->desc_tbl[i].iavcc)) {
> + printk("Fatal err, desc table vcc or skb is NULL\n");
> + i++;
> + continue;
> + }
Error message should be fixed, skb is not check for NULL here.
> ltimeout = dev->desc_tbl[i].iavcc->ltimeout;
> delta = jiffies - dev->desc_tbl[i].timestamp;
> if (delta >= ltimeout) {
>
> if (!dev->desc_tbl[i].txskb || !(iavcc_r =
dev->desc_tbl[i].iavcc))
> printk("Fatal err, desc table vcc or skb is NULL\n");
The existing check should be fixed to check for skb only.
--
Alexey