[PATCH] io_uring/kbuf: fix missing check for return value of io_buffer_get_list()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The io_buffer_get_list() function may return NULL, which may
cause null pointer deference, and other callsites of
io_buffer_get_list() all do Null check. Add Null check for
return value of io_buffer_get_list().

Found by our static analysis tool.

Signed-off-by: Chenyuan Mi <cymi20@xxxxxxxxxxxx>
---
 io_uring/kbuf.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c
index 2f0181521c98..d209a0a9e337 100644
--- a/io_uring/kbuf.c
+++ b/io_uring/kbuf.c
@@ -66,9 +66,11 @@ void io_kbuf_recycle_legacy(struct io_kiocb *req, unsigned issue_flags)
 
 	buf = req->kbuf;
 	bl = io_buffer_get_list(ctx, buf->bgid);
-	list_add(&buf->list, &bl->buf_list);
-	req->flags &= ~REQ_F_BUFFER_SELECTED;
-	req->buf_index = buf->bgid;
+	if (likely(bl)) {
+		list_add(&buf->list, &bl->buf_list);
+		req->flags &= ~REQ_F_BUFFER_SELECTED;
+		req->buf_index = buf->bgid;
+	}
 
 	io_ring_submit_unlock(ctx, issue_flags);
 	return;
-- 
2.17.1




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux