From: Colin Ian King <colin.king@xxxxxxxxxxxxx> Currently rctr_end may be assigned null if strchr() fails leading to a null pointer dereference in the following check on *(rctr_end + 1). Fix this by also adding a null pointer check before the dereference. Detected by CoverityScan, CID#1473700 ("Dereference null return value") Fixes: 1cc33161a83d ("uprobes: Support SDT markers having reference count (semaphore)") Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> --- kernel/trace/trace_uprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 3a7c73c40007..c5514651e61f 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -477,7 +477,7 @@ static int create_trace_uprobe(int argc, char **argv) rctr = strchr(arg, '('); if (rctr) { rctr_end = strchr(rctr, ')'); - if (rctr > rctr_end || *(rctr_end + 1) != 0) { + if (!rctr_end || rctr > rctr_end || *(rctr_end + 1) != 0) { ret = -EINVAL; pr_info("Invalid reference counter offset.\n"); goto fail_address_parse; -- 2.17.1
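Review bot: With the explicit `!rctr_end` test added in the hunk, the remaining `rctr > rctr_end` comparison can no longer be true: `rctr_end` is the result of `strchr(rctr, ')')`, so whenever it is non-NULL it points at or after `rctr`. Consider simplifying the condition to `if (!rctr_end || *(rctr_end + 1) != 0) {`, or say in the commit message why the ordering check is kept. The old code only avoided the dereference because `rctr > NULL` happened to evaluate true and `||` short-circuits, which is a relational comparison against a null pointer that C does not define, so putting the NULL test first is the right fix; it just leaves the middle operand dead.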