Re: Potential null-pointer-dereference problem due to missing null-checking for ata_timing_find_mode

From: Damien Le Moal
Date: Sun Oct 24 2021 - 19:24:43 EST

Next message: Stephen Rothwell: "linux-next: build warning after merge of the qcom tree"
Previous message: Linus Walleij: "Re: [PATCH v2 6/8] ARM: dts: arm: Update register-bit-led nodes 'reg' and node names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2021/10/25 3:08, YE Chengfeng wrote:
> Hi,
>
> I found that the function *ata_timing_find_mode *could return a null pointer in
> some situattions, but some call sites of this function don't check whether the
> return value is a null pointer. Could it be a potential null-pointer-dereference
> problem?
> https://github.com/torvalds/linux/blob/master/drivers/ata/pata_acpi.c#L145
> <https://github.com/torvalds/linux/blob/master/drivers/ata/pata_acpi.c#L145>
> <https://github.com/torvalds/linux/blob/master/drivers/ata/pata_acpi.c#L145>
>
> linux/pata_acpi.c at master · torvalds/linux
> <https://github.com/torvalds/linux/blob/master/drivers/ata/pata_acpi.c#L145>
> Linux kernel source tree. Contribute to torvalds/linux development by creating
> an account on GitHub.
> github.com
>
>
>
> Best Regards,
> - Chengfeng

The ata_timing array last element is 0xff, which is the initial value of pio/dma
mode. So an entry will always be returned. I do not think the NULL return ever
triggers.

--
Damien Le Moal
Western Digital Research

Next message: Stephen Rothwell: "linux-next: build warning after merge of the qcom tree"
Previous message: Linus Walleij: "Re: [PATCH v2 6/8] ARM: dts: arm: Update register-bit-led nodes 'reg' and node names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]