bug report: serial: 8250: Rate limit serial port rx interrupts during input overruns

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Static analysis with CoverityScan found a potential null pointer
deference issue with a null uart with recent commit
6d7f677a2afa1c82d7fc7af7f9159cbffd5dc010 ("serial: 8250: Rate limit
serial port rx interrupts during input overruns").

Coverity Analysis is below:


 983        uart = serial8250_find_match_or_unused(&up->port);

    2. Condition uart, taking false branch.
    3. var_compare_op: Comparing uart to null implies that uart might be
null.

 984        if (uart && uart->port.type != PORT_8250_CIR) {
 985                if (uart->port.dev)

...
...

1075        /* Initialise interrupt backoff work if required */

    4. Condition up->overrun_backoff_time_ms > 0, taking false branch.

1076        if (up->overrun_backoff_time_ms > 0) {

    CID 1475967 (#1 of 2): Dereference after null check (FORWARD_NULL)

1077                uart->overrun_backoff_time_ms =
up->overrun_backoff_time_ms;
1078                INIT_DELAYED_WORK(&uart->overrun_backoff,
1079                                  serial_8250_overrun_backoff_work);
1080        } else {

    CID 1475967 (#2 of 2): Dereference after null check (FORWARD_NULL)5.
var_deref_op: Dereferencing null pointer uart.

1081                uart->overrun_backoff_time_ms = 0;
1082        }

The implication is that uart could be null, so the code block between
lines 1076 and 1082 should be guarded with a sanity null check on uart too.

Colin



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux PPP]     [Linux FS]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Linmodem]     [Device Mapper]     [Linux Kernel for ARM]

  Powered by Linux