On Jul 4, 2011, at 5:04 AM, Jesper Juhl wrote: > On Sun, 3 Jul 2011, Chuck Lever wrote: > >> >> On Jul 3, 2011, at 3:40 AM, Jesper Juhl wrote: >> >>> In fs/nfs/nfsroot.c:root_nfs_parse_options() we call strsep(), which >>> may return NULL, but we do not test the return value before >>> dereferencing the pointer. >>> >>> Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx> >>> --- >>> fs/nfs/nfsroot.c | 2 ++ >>> 1 files changed, 2 insertions(+), 0 deletions(-) >>> >>> Compile tested only. >>> >>> diff --git a/fs/nfs/nfsroot.c b/fs/nfs/nfsroot.c >>> index c4744e1..b6ac860 100644 >>> --- a/fs/nfs/nfsroot.c >>> +++ b/fs/nfs/nfsroot.c >>> @@ -191,6 +191,8 @@ static int __init root_nfs_parse_options(char *incoming, char *exppath, >>> * Set the NFS remote path >>> */ >>> p = strsep(&incoming, ","); >>> + if (!p) >>> + return -1; >> >> strsep() may return NULL only if the value of "incoming" is NULL. But >> callers ensure that "incoming" always contains the address of a fixed >> buffer. Thus if strsep() returns NULL here there is some kind of >> programming error; it's not the result of invalid input. >> >> Do you have a reproducible test case to make this fail? >> > Nope. I simply spotted the unchecked strsep() call and thought that it > would be better to be defensive and check it in case callers change in the > future and a bug creeps in that causes a NULL incoming to be passed. > Perhaps a BUG_ON(!incoming) would be better - or perhaps just forget about > it. While I personally prefer an explicit assertion in cases like this one, the community preference is to avoid cluttering the code with BUG_ONs, since the code would crash anyway in that case. -- Chuck Lever chuck[dot]lever[at]oracle[dot]com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
