Re: [PATCH] staging: rts5208: add check on NULL before dereference

From: okaya
Date: Sat Jun 09 2018 - 18:23:02 EST

Next message: syzbot: "BUG: unable to handle kernel paging request in ebt_do_table"
Previous message: Randy Dunlap: "Re: sd 6:0:0:0: [sdb] Unaligned partial completion (resid=12, sector_sz=512)"
In reply to: Andy Shevchenko: "Re: [PATCH] staging: rts5208: add check on NULL before dereference"
Next in thread: Dan Carpenter: "Re: [PATCH] staging: rts5208: add check on NULL before dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2018-06-09 15:34, Andy Shevchenko wrote:

On Sat, Jun 9, 2018 at 7:58 PM, <okaya@xxxxxxxxxxxxxx> wrote:

On 2018-06-09 12:38, Anton Vasilyev wrote:

If rtsx_probe fails to allocate dev->chip, then NULL pointer
dereference occurs at rtsx_release_resources().

Patch adds checks chip on NULL before its dereference at
rtsx_release_resources and passing with dereference inside
rtsx_release_chip.

Found by Linux Driver Verification project (linuxtesting.org).

I think you should bail out if dev->chip is null rather than adding
conditiinals.

I'm wondering if it's false positive. At which circumstances that may happen?

Only if dev->chip allocation fails. Code tries to cleanup prior resources by calling clean_everything() function which ends up in rtsx_release_resources()

Next message: syzbot: "BUG: unable to handle kernel paging request in ebt_do_table"
Previous message: Randy Dunlap: "Re: sd 6:0:0:0: [sdb] Unaligned partial completion (resid=12, sector_sz=512)"
In reply to: Andy Shevchenko: "Re: [PATCH] staging: rts5208: add check on NULL before dereference"
Next in thread: Dan Carpenter: "Re: [PATCH] staging: rts5208: add check on NULL before dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]