Re: Null dereference errors in the kernel

From: Daniel Drake
Date: Tue Jul 18 2006 - 05:15:54 EST

Thomas Dillig wrote:

We are PhD students at Stanford University working on a static analysis project called SATURN ( We have implemented a checker that finds potential null dereference errors and ran our tool on the kernel version We have identified around 300 potential issues related to null errors, and we've included 20 sample reports below. If you would be interested, we can post all the issues we found. Also, we apologize in advance if we aren't supposed to post these error reports here, and we are happy to submit bug reports elsewhere if you tell us where to post these.

Interesting idea. I just looked at one of them out of curiosity, but I'm not sure it is valid. Either that or I have misunderstood the problem it is identifying?

1176, 1180 drivers/char/isicom.c
Possible null dereference of variable "tty" checked for NULL at (1183:drivers/char/isicom.c).

This function is part of the tty_operations API, that would be a pretty broken interface if it provided the possibility of a NULL tty to work on. Additionally, all of the callers seem to do this:

tty->driver->put_char(tty, c);

If tty is NULL here, we have larger problems at hand :)

I'm also unsure how this null dereference is related to line 1183.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at