LKML Archive on lore.kernel.org
* [PATCH Linux-next] ioctl_linux: fix a potential NULL pointer dereference bug
@ 2021-08-23  3:06 cgel.zte
  2021-08-23 19:34 ` Pavel Skripkin
  0 siblings, 1 reply; 2+ messages in thread
From: cgel.zte @ 2021-08-23  3:06 UTC (permalink / raw)
  To: gregkh; +Cc: linux-staging, linux-kernel, xu xin, Zeal Robot

From: xu xin <xu.xin16@zte.com.cn>

The pointer might be NULL, but it is dereferenced.

Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: xu xin <xu.xin16@zte.com.cn>
---
 drivers/staging/r8188eu/os_dep/ioctl_linux.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
index a3e6d761e748..ce4ce9190f5f 100644
--- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
@@ -4389,7 +4389,8 @@ static int rtw_dbg_port(struct net_device *dev,
 				pregpriv->rx_stbc = extra_arg;
 				DBG_88E("set rx_stbc =%d\n", pregpriv->rx_stbc);
 			} else {
-				DBG_88E("get rx_stbc =%d\n", pregpriv->rx_stbc);
+				if (pregpriv)
+					DBG_88E("get rx_stbc =%d\n", pregpriv->rx_stbc);
 			}
 		}
 			break;
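Review bot: The added `if (pregpriv)` in front of the "get rx_stbc" print has no stated justification: the commit message says only that the pointer "might be NULL", and this hunk shows neither where pregpriv is assigned nor a path that leaves it NULL. Please name that path in the changelog. If the only evidence is a NULL test elsewhere in the same block, removing that test is the smaller change; if NULL really is possible, silently skipping the print hides the failure and the case should return an error instead.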
@@ -4401,7 +4402,8 @@ static int rtw_dbg_port(struct net_device *dev,
 				pregpriv->ampdu_enable = extra_arg;
 				DBG_88E("set ampdu_enable =%d\n", pregpriv->ampdu_enable);
 			} else {
-				DBG_88E("get ampdu_enable =%d\n", pregpriv->ampdu_enable);
+				if (pregpriv)
+					DBG_88E("get ampdu_enable =%d\n", pregpriv->ampdu_enable);
 			}
 		}
 			break;
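Review bot: In the ampdu_enable case the else body now contains nothing but a nested `if`, so `} else if (pregpriv) {` would say the same thing without the extra indentation level. The guard is also a copy of the one added in the rx_stbc hunk; if pregpriv needs checking at all, a single check where it is assigned would cover both cases in rtw_dbg_port() rather than one per debug print.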
-- 
2.25.1



* Re: [PATCH Linux-next] ioctl_linux: fix a potential NULL pointer dereference bug
  2021-08-23  3:06 [PATCH Linux-next] ioctl_linux: fix a potential NULL pointer dereference bug cgel.zte
@ 2021-08-23 19:34 ` Pavel Skripkin
  0 siblings, 0 replies; 2+ messages in thread
From: Pavel Skripkin @ 2021-08-23 19:34 UTC (permalink / raw)
  To: cgel.zte, gregkh; +Cc: linux-staging, linux-kernel, xu xin, Zeal Robot

On 8/23/21 6:06 AM, cgel.zte@gmail.com wrote:
> From: xu xin <xu.xin16@zte.com.cn>
> 
> The pointer might be NULL, but it is dereferenced.
> 
> Reported-by: Zeal Robot <zealci@zte.com.cn>
> Signed-off-by: xu xin <xu.xin16@zte.com.cn>
> ---
>   drivers/staging/r8188eu/os_dep/ioctl_linux.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> index a3e6d761e748..ce4ce9190f5f 100644
> --- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> +++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> @@ -4389,7 +4389,8 @@ static int rtw_dbg_port(struct net_device *dev,
>   				pregpriv->rx_stbc = extra_arg;
>   				DBG_88E("set rx_stbc =%d\n", pregpriv->rx_stbc);
>   			} else {
> -				DBG_88E("get rx_stbc =%d\n", pregpriv->rx_stbc);
> +				if (pregpriv)
> +					DBG_88E("get rx_stbc =%d\n", pregpriv->rx_stbc);
>   			}
>   		}
>   			break;
> @@ -4401,7 +4402,8 @@ static int rtw_dbg_port(struct net_device *dev,
>   				pregpriv->ampdu_enable = extra_arg;
>   				DBG_88E("set ampdu_enable =%d\n", pregpriv->ampdu_enable);
>   			} else {
> -				DBG_88E("get ampdu_enable =%d\n", pregpriv->ampdu_enable);
> +				if (pregpriv)
> +					DBG_88E("get ampdu_enable =%d\n", pregpriv->ampdu_enable);
>   			}
>   		}
>   			break;
> 


Hi, Xu!

I can't see how pregpriv can be NULL:

	struct registry_priv *pregpriv = &padapter->registrypriv;

It can be NULL in case of a completely wrong padapter pointer, but I can't
see how it's possible. Do you have a calltrace?

I guess your robot reported this because there is a useless check in
the same code block:

	if (pregpriv &&
		(extra_arg == 0 ||
		 extra_arg == 1 ||
		 extra_arg == 2 ||
		 extra_arg == 3))


So, I think, the "pregpriv &&" part should be removed, instead of adding 2
branches.


Also, the subject line should be "staging: r8118eu: <subject>". Thank you!



With regards,
Pavel Skripkin
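
The reasoning in the reply above, as an added example that is not code from the driver or from either poster: the structures and function names are hypothetical cut-down stand-ins, and only the `&padapter->registrypriv` declaration and the `pregpriv &&` condition come from the thread. It shows that the pointer is the adapter's address plus a fixed offset, and that dropping the test leaves the behaviour unchanged.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, cut-down stand-ins for the driver's structures. */
struct registry_priv {
	int rx_stbc;
};

struct adapter {
	int other_state;                   /* assumed earlier member */
	struct registry_priv registrypriv; /* embedded object, not a pointer */
};

/* Byte distance from the adapter to its embedded registrypriv member. */
static size_t registrypriv_offset(const struct adapter *padapter)
{
	return (size_t)((const char *)&padapter->registrypriv -
			(const char *)padapter);
}

/* Shape that checkers flag: NULL test on one path, bare use on the other. */
static int rx_stbc_flagged(struct adapter *padapter, int extra_arg)
{
	struct registry_priv *pregpriv = &padapter->registrypriv;

	if (pregpriv && (extra_arg == 0 || extra_arg == 1 ||
			 extra_arg == 2 || extra_arg == 3))
		pregpriv->rx_stbc = extra_arg;	/* "set" path */
	return pregpriv->rx_stbc;		/* "get" path, no NULL test */
}

/* Same behaviour with the dead "pregpriv &&" test removed. */
static int rx_stbc_simplified(struct adapter *padapter, int extra_arg)
{
	struct registry_priv *pregpriv = &padapter->registrypriv;

	if (extra_arg >= 0 && extra_arg <= 3)
		pregpriv->rx_stbc = extra_arg;
	return pregpriv->rx_stbc;
}

int main(void)
{
	struct adapter a = { 0 };
	int set = rx_stbc_simplified(&a, 2);	/* in range: stored */
	int get = rx_stbc_simplified(&a, 9);	/* out of range: read back */

	printf("offset=%zu set=%d get=%d\n", registrypriv_offset(&a), set, get);
	return 0;
}
```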
