[pciutils] NULL-pointer dereferenciations in setpci.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello list.

I stumbled over segfaults in setpci when trying to set PCI-registers.
The specific call was

  setpci -v -d : latency_timer=b0

The parse_op() function derefences a pointer, which is returned by
parse_x32() which could be NULL, twice (first time when trying to check,
wheter it's NULL... just an '*' too much ;)

I reported this bug to the author as supposed in README, but since
nothing happened in .git and I didn't get a reply, I'm trying here
again.

»Patch« (word way too big for this snippet) is appended.

HAND & LG -- aw
np: The Frames (Breadcrumb Trail) -- 11. Look Back Now
-- 
Angela Merkel zitiere ich ja am liebsten wörtlich.  Ich habe noch
keine bessere Möglichkeit gefunden, diese Frau zu beleidigen.
  -- Volker Pispers
--- a/setpci.c
+++ b/setpci.c
@@ -630,13 +630,13 @@
       e = strchr(value, ',');
       if (e)
 	*e++ = 0;
-      if (parse_x32(value, &f, &ll) < 0 || *f && *f != ':')
+      if (parse_x32(value, &f, &ll) < 0 || f && *f != ':')
 	parse_err("Invalid value \"%s\"", value);
       lim = max_values[op->width];
       if (ll > lim && ll < ~0UL - lim)
 	parse_err("Value \"%s\" is out of range", value);
       op->values[j].value = ll;
-      if (*f == ':')
+      if (f && *f == ':')
 	{
 	  if (parse_x32(f+1, NULL, &ll) <= 0)
 	    parse_err("Invalid mask \"%s\"", f+1);

Attachment: pgpPrmZmdNzKs.pgp
Description: PGP signature


[Index of Archives]     [DMA Engine]     [Linux Coverity]     [Linux USB]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Greybus]

  Powered by Linux