Re: NULL pointer deref when running BPF monitor program (6.11.0-rc1)

From: Steven Rostedt
Date: Wed Oct 09 2024 - 20:57:52 EST


On Wed, 9 Oct 2024 20:56:47 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> I was thinking if something like objtool (could be something else that can
> read the executable code) and know of where functions are. It could just
> see if anything tests rdi, rsi, rdx, rcx, r8 or r9 (or their 32-bit
> alternatives) for NULL before using or setting it.
>
> If it does, then we know that one of the arguments could possibly be NULL.

Oh, and it only needs to look at functions that are named:

trace_event_raw_event_*()

-- Steve
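
The check sketched in this message, written as an added example (not code from the thread or from objtool): a linear scan over `objdump -d` AT&T-syntax text that reports which argument registers a `trace_event_raw_event_*()` function compares against zero while they still hold the caller's value. The listing in `SAMPLE` and the function names in it are constructed; following register copies made by `mov` goes one step beyond what the message describes, and branches are not followed, so this is a heuristic.

```python
import re

# System V x86-64 argument registers; 32-bit names fold onto the 64-bit ones.
ARGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]
ALIAS32 = {**{"e" + r[1:]: r for r in ARGS[:4]}, "r8d": "r8", "r9d": "r9"}
FUNC = re.compile(r"^[0-9a-f]+ <(\w+)>:$")
SAMPLE = (  # constructed objdump -d style listing, not from a real kernel build
    "0000000000000000 <trace_event_raw_event_demo_a>:\n"
    "   0:\t48 89 f3\tmov    %rsi,%rbx\n"
    "   3:\t48 85 db\ttest   %rbx,%rbx\n"
    "   6:\t74 05\tje     d <trace_event_raw_event_demo_a+0xd>\n"
    "0000000000000010 <trace_event_raw_event_demo_b>:\n"
    "  10:\t48 8b 56 10\tmov    0x10(%rsi),%rdx\n"
    "  14:\t48 85 d2\ttest   %rdx,%rdx\n"
    "0000000000000020 <other_func>:\n"
    "  20:\t48 85 ff\ttest   %rdi,%rdi\n"
)


def null_checked_args(disasm, prefix="trace_event_raw_event_"):
    """Map each matching function to the argument registers it NULL-tests."""
    found, live, name = {}, {}, None
    for line in disasm.splitlines():
        m = FUNC.match(line.strip())
        if m:  # function header: every argument register holds its argument
            name = m.group(1) if m.group(1).startswith(prefix) else None
            live = {r: r for r in ARGS}  # register -> argument it currently holds
            if name:
                found[name] = set()
            continue
        parts = line.split("\t")  # address, raw bytes, instruction text
        if name is None or len(parts) < 3:
            continue
        mnem, _, rest = parts[2].strip().partition(" ")
        ops = [o.strip() for o in rest.split(",") if o.strip()]
        regs = [ALIAS32.get(o[1:], o[1:]) if re.fullmatch(r"%\w+", o) else None for o in ops]
        if mnem.startswith(("test", "cmp")):  # compares read, never write
            is_null_test = len(ops) == 2 and (
                regs[0] == regs[1] if mnem[0] == "t" else ops[0] in ("$0", "$0x0"))
            if is_null_test and regs[1] in live:
                found[name].add(live[regs[1]])
        elif mnem.startswith("call"):  # argument registers are caller-saved
            live = {r: a for r, a in live.items() if r not in ARGS}
        elif regs and regs[-1] and not mnem.startswith("push"):
            held = live.get(regs[0]) if mnem.startswith("mov") and len(ops) == 2 else None
            live.pop(regs[-1], None)      # AT&T: the last operand is overwritten
            if held:
                live[regs[-1]] = held     # register copy: destination now holds the argument
    return {fn: sorted(args) for fn, args in found.items()}
```

In the constructed listing, `demo_a` is reported for `rsi` through its copy in `rbx`, while `demo_b` is not reported because `rdx` is reloaded from memory before the test.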