Re: [PATCH 1/3] thermal: testing: Avoid NULL pointer dereference on missing arg
From: David Laight
Date: Sun Jun 07 2026 - 16:49:12 EST
On Sun, 7 Jun 2026 12:55:13 -0700
Guru Das Srinagesh <linux@xxxxxxxxxxx> wrote:
> On Sun, Jun 07, 2026 at 12:23:18PM +0100, David Laight wrote:
> > On Sat, 6 Jun 2026 19:52:49 -0700
> > Guru Das Srinagesh <linux@xxxxxxxxxxx> wrote:
> >
> > > On Sun, Jun 07, 2026 at 12:04:18AM +0300, Ovidiu Panait wrote:
> > > [...]
> > > > To fix this, make arg an empty string instead of leaving it NULL when the
> > > > separator is missing. sscanf() then fails correctly with -EINVAL on it.
> > > [...]
> > > > ---
> > > > drivers/thermal/testing/command.c | 2 ++
> > > > 1 file changed, 2 insertions(+)
> > > >
> > > > diff --git a/drivers/thermal/testing/command.c b/drivers/thermal/testing/command.c
> > > > index 1159ecea57e7..5513a26feed7 100644
> > > > --- a/drivers/thermal/testing/command.c
> > > > +++ b/drivers/thermal/testing/command.c
> > > > @@ -150,6 +150,8 @@ static ssize_t tt_command_process(char *s)
> > > > if (arg) {
> > > > *arg = '\0';
> > > > arg++;
> > > > + } else {
> > > > + arg = s + strlen(s);
> > > > }
> > >
> > > Here, `arg` is made to point to the NUL terminator of s. Couldn't this be simplified to:
> > >
> > > arg = "";
> > >
> > > to make the intent clearer? Since `tt_command_exec()` takes in arg as `const char *`,
> > > pointing `arg` to a string literal is fine.
> > >
> >
> > Except that 'arg' itself must be 'char *' otherwise the '*arg = 0'
> > higher up will fail.
>
> Sorry, could you please clarify the concern further?
>
> `arg` is already `char *` (line 144), and I verified that my suggestion compiles fine.
But "" is 'const char *'.
Which is usually a compile error.
Unless the kernel is compiled with some permissive compilation options...
-- David