Message ID | 20230427-scan-build-v1-2-efa05d65e2da@codewreck.org |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp199861vqo; Thu, 27 Apr 2023 04:35:55 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4ov8TLnawpD9EZFx2wonA2z3DZZceV+90w5jBEdyS/tR8NsTUsODpZ8+80XjIEl+p7upTR X-Received: by 2002:a05:6a20:6a0d:b0:e4:b52:76c9 with SMTP id p13-20020a056a206a0d00b000e40b5276c9mr7190165pzk.23.1682595355049; Thu, 27 Apr 2023 04:35:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682595355; cv=none; d=google.com; s=arc-20160816; b=msO6L7WyUyX3hVGh3xc2JdvvOefVB+Eu+LjqvNmO7/4EVJcsHlsXGoBnCQuPlhdFCm Ks9JVEf7eVBMT3IJAoiDbZI/FupxAcE8zIIfCmzb4Gfs51dfOwCIAYNpmnZ42B70mjQG wWabNIgBmpOKTFH7eIVyjsjuH3ysllJOybExPWw8s/DJxpA0+xnJX7xXCjiYOO0L+Y7V Z5DgY6dcjzXUF9epNObxeHay+6KQOqaJ3qAxBcevA89Tz9MoD/1oZi9bttq9LDojhoWo bKU+o3YqvyyFOQZmc1lOdCx32rQqBIyLh/u09wTaVVdtfE/WL2o+jt3N97mpGpcnSQ5E TdPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature:dkim-signature; bh=s+rCY3PhNsjKtAMo7ceBkqmXMZyC1GJyZBLyjIlkj7k=; b=DQekjoYzz7Q3it4egqe97T9HUahdeCW01XdgaVHe7zdgXkUHAYx1RepA9QSwMlNGvD OZZiyNLAYVaNypF+pgeC1+9Ml949a4uBO+cNwnxVgcdvu1qJlAMGlDMfm0WSEP3CdjHP tp97vHO5f34d0rYTu3KUtSjx/heVEBlbSolRmethNn4pH7PagVY/aOyluJXiyAEgwm21 GTt1lXiBYw0ZYBRFyWz0XEKDFXhklSlvahDvMkSzHZg7XkEcSjOTEXmxg1/qBuSwXW2d N2V8BQ8yHJEwsLY4tGjByvCdFLYRnVcYNIG0LsKXC5HzE7w0WL+MqGpA6ho/MLTeJGX/ 9xdg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codewreck.org header.s=2 header.b=BKMeJuqC; dkim=pass header.i=@codewreck.org header.s=2 header.b=ZlmRSHYP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=codewreck.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bs9-20020a632809000000b00523eac95881si17496487pgb.24.2023.04.27.04.35.24; Thu, 27 Apr 2023 04:35:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@codewreck.org header.s=2 header.b=BKMeJuqC; dkim=pass header.i=@codewreck.org header.s=2 header.b=ZlmRSHYP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=codewreck.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243665AbjD0LYK (ORCPT <rfc822;zxc52fgh@gmail.com> + 99 others); Thu, 27 Apr 2023 07:24:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35446 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243636AbjD0LX7 (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 27 Apr 2023 07:23:59 -0400 Received: from nautica.notk.org (ipv6.notk.org [IPv6:2001:41d0:1:7a93::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E8B125B86; Thu, 27 Apr 2023 04:23:57 -0700 (PDT) Received: by nautica.notk.org (Postfix, from userid 108) id E3BB0C023; Thu, 27 Apr 2023 13:23:54 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=codewreck.org; s=2; t=1682594634; bh=s+rCY3PhNsjKtAMo7ceBkqmXMZyC1GJyZBLyjIlkj7k=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=BKMeJuqCAs7gz87ccJfjFExzkNjMiSf/Hrt+lG/vd7cp1BFvOaNAKkEYyEe6kvVlZ wv8ZG02JYJpZsejUbhty0V8HrOXCq7QD+xn6lnvLzzrGQqG4RyU+kZqTnssQ43QS0n bPYO4LfxDOPFbfCwuh87fJj9fEL0hb7w9PzQ1aR29UlOW2TIXLC0AoZ5VlU7mDcg7P xWUWuLpe+hlxIpYWp0KtaX9D6aKuBrc3JifIBrNqMcuyaYgIWm59P0iHXG3o3oReIt iVTBzVpY2Vad0a+BXN2E4f9SBwmRVOy3PTeXMwOxs+ICdtnAG77zniLBvvz1xIB/sV I7y4tzwKLz2Qw== X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 Received: from odin.codewreck.org (localhost [127.0.0.1]) by nautica.notk.org (Postfix) with ESMTPS id 11A22C023; Thu, 27 Apr 2023 13:23:47 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=codewreck.org; s=2; t=1682594633; bh=s+rCY3PhNsjKtAMo7ceBkqmXMZyC1GJyZBLyjIlkj7k=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ZlmRSHYPRZOSAJgH54xjFLq2yzzElppfvubM0NynWTo1tmNsz3qHQbcee2Isz7ceY 3yZTE8Mq4ZakBNtUU3Z8JW+zsI0+DSqJJVDmSRze2XwOiaz+0HAcDpwo0KTz4ZnMRj xW5UpirTNghyfFGznRoDpDfSKqDBV2VG2eF9WPOaZmZ30IJK7qBPrJQKZsZ1nF6GSz IITwI9V4yauR7QtwkL+88D1Cch00cRg2I1Bhoy4I7JswnvdZfWwu2WwaGvRqhzlXWj PjOvZbgBLlASMztmYMZkMIa79mkCUofMCdEtLZ79Kry7mT13q2+X5bK367zWB7+Bpu aJPlWpR7W1OgA== Received: from [127.0.0.2] (localhost [::1]) by odin.codewreck.org (OpenSMTPD) with ESMTP id 224b0460; Thu, 27 Apr 2023 11:23:38 +0000 (UTC) From: Dominique Martinet <asmadeus@codewreck.org> Date: Thu, 27 Apr 2023 20:23:35 +0900 Subject: [PATCH 2/5] 9p: virtio: fix unlikely null pointer deref in handle_rerror MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20230427-scan-build-v1-2-efa05d65e2da@codewreck.org> References: <20230427-scan-build-v1-0-efa05d65e2da@codewreck.org> In-Reply-To: <20230427-scan-build-v1-0-efa05d65e2da@codewreck.org> To: Eric Van Hensbergen <ericvh@gmail.com>, Latchesar Ionkov <lucho@ionkov.net>, Christian Schoenebeck <linux_oss@crudebyte.com>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com> Cc: v9fs@lists.linux.dev, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Dominique Martinet <asmadeus@codewreck.org> X-Mailer: b4 0.13-dev-f371f X-Developer-Signature: v=1; a=openpgp-sha256; l=1336; i=asmadeus@codewreck.org; h=from:subject:message-id; bh=uAxOy5RN+SshQ0IlB7WUwAUYTCBMSrvtKIu4Ytp0HO8=; b=owEBbQKS/ZANAwAIAatOm+xqmOZwAcsmYgBkSls6sv0W5uY/qDr+rJzbHgv/8wIRfEH4Mb226 8L3vvejGgOJAjMEAAEIAB0WIQT8g9txgG5a3TOhiE6rTpvsapjmcAUCZEpbOgAKCRCrTpvsapjm cIY9D/sG6txif6f/ao9Jzx0NwqwbUftDmaENl23wBkDzshsr8eDrKr1JyNsvgNIy0v6ToBG4q+1 aQ80V4X+/VM0nOAJ+fynVm4z21W1K2oNfgXRTdYzERfDUMkSPlzuiowECY/hJzeyFSoqyNaAFGW 1lHtKoo6hdOmG9Wgr/0GmRXtQUYk+SXyl0fOX7et/7ASmTSv8XSZtazNY3FNX1SiFotyIJ7rxN+ +TqIuai/zi4c/PeFTzOIUUUoTLUJYKleI0dMED7bGvTY1l4wqftWD15r76gcjO1zzbkFgrFn9DN vu8Srzkh7Ctmrw1aJR7p+ot7WeHZgD4sxxXcbySpZ24ziw4RRgaJuVd5HZsJ7fTuYwRNILXEfZD u3Yji+B2kJJqDi1PV6gn/9T9EbH8ftvqzUB7J8EU93kLbq/n4wF+trJoFD3FQAOt9LBP5ry+U/y KjdBLGKFgJGY1tpkOV+XXZnUCktQooqA2IH1zQNntrsjVfVujlYEnRRqVRbL/Ybj9S4qNEyAehQ SVVCiT9T9SXz+1h6t3lZU6RMrLPOtZq9qbKNmP8lQUJGUx2grjFs6GbSQfGjKvLVsBI9PqTqJ7l it7pKb4GSLaR56oan4Iy1BYy/bbGYcwxYbTmW73ZrahU5hD+KECcXRm3ORCS59QGNxiNtvY0pus ibuiffORyhotsvg== X-Developer-Key: i=asmadeus@codewreck.org; a=openpgp; fpr=B894379F662089525B3FB1B9333F1F391BBBB00A Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764329106684303195?= X-GMAIL-MSGID: =?utf-8?q?1764329106684303195?= |
Series |
Fix scan-build warnings
|
|
Commit Message
Dominique Martinet
April 27, 2023, 11:23 a.m. UTC
handle_rerror can dereference the pages pointer, but it is not
necessarily set for small payloads.
In practice these should be filtered out by the size check, but
might as well double-check explicitly.
This fixes the following scan-build warnings:
net/9p/trans_virtio.c:401:24: warning: Dereference of null pointer [core.NullDereference]
memcpy_from_page(to, *pages++, offs, n);
^~~~~~~~
net/9p/trans_virtio.c:406:23: warning: Dereference of null pointer (loaded from variable 'pages') [core.NullDereference]
memcpy_from_page(to, *pages, offs, size);
^~~~~~
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
---
net/9p/trans_virtio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Thu, Apr 27, 2023 at 08:23:35PM +0900, Dominique Martinet wrote: > handle_rerror can dereference the pages pointer, but it is not > necessarily set for small payloads. > In practice these should be filtered out by the size check, but > might as well double-check explicitly. > > This fixes the following scan-build warnings: > net/9p/trans_virtio.c:401:24: warning: Dereference of null pointer [core.NullDereference] > memcpy_from_page(to, *pages++, offs, n); > ^~~~~~~~ > net/9p/trans_virtio.c:406:23: warning: Dereference of null pointer (loaded from variable 'pages') [core.NullDereference] > memcpy_from_page(to, *pages, offs, size); > ^~~~~~ > > Signed-off-by: Dominique Martinet <asmadeus@codewreck.org> Reviewed-by: Simon Horman <simon.horman@corigine.com>
diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 3c27ffb781e3..2c9495ccda6b 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -384,7 +384,7 @@ static void handle_rerror(struct p9_req_t *req, int in_hdr_len, void *to = req->rc.sdata + in_hdr_len; // Fits entirely into the static data? Nothing to do. - if (req->rc.size < in_hdr_len) + if (req->rc.size < in_hdr_len || !pages) return; // Really long error message? Tough, truncate the reply. Might get