Re: [PATCH] led: triggers: Fix NULL dereference in led_trigger_set() error handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 05, 2019 at 02:06:26PM +0200, Uwe Kleine-König wrote:
> Hello,
> 
> On Thu, Sep 05, 2019 at 12:57:28PM +0300, Dan Carpenter wrote:
> > The problem is we set "led_cdev->trigger = NULL;" and then dereference
> > it when we call write_lock_irqsave():
> > 
> > 	write_lock_irqsave(&led_cdev->trigger->leddev_list_lock, flags);
> >                             ^^^^^^^^^^^^^^^^^
> > 
> > Fixes: 2282e125a406 ("leds: triggers: let struct led_trigger::activate() return an error code")
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> 
> Obviously right. Thanks for catching.
> 
> Reviewed-by: Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx>
> 
> Did you find this at runtime or by using some static checker?

Yes.  It's a new one that I'm working on.

It's a tricky thing because it turns out Smatch thinks a whole lot of
pointers are definitely NULL when they aren't.  For example, if the
struct is allocated with kzalloc() and Smatch doesn't see where the
pointer is assigned.

regards,
dan carpenter




[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux