[#LU-5494] mdd: Null pointer may be passed to function that may dereference it

Tracking bug for static code analysis fixes. (LU-2753) [LU-5494] mdd: Null pointer may be passed to function that may dereference it Created: 15/Aug/14 Updated: 06/May/16 Resolved: 06/May/16
Status:	Resolved
Project:	Lustre
Component/s:	None
Affects Version/s:	None
Fix Version/s:	Lustre 2.9.0

Type:

Technical task

Priority:

Minor

Reporter:

Dmitry Eremin (Inactive)

Assignee:

Dmitry Eremin (Inactive)

Resolution:

Fixed

Votes:

Labels:

Issue Links:

Related
is related to	~~LU-6450~~	most MAY_* constants defined in lustr...	Resolved

Rank (Obsolete):

15334

Description

Null pointer 'mdd_pobj' that comes from line 311 may be passed to function and can be dereferenced there by passing argument 2 to function 'mdd_may_create' at line 364. Also there is one similar error on line 367.

TRACEBACK:
mdd_permission.c:311: 'mdd_pobj' has been assigned a NULL value.
mdd_permission.c:326: pobj!= ( (void* )0) is false
mdd_permission.c:364: 'mdd_pobj' is dereferenced by passing argument 2 to function 'mdd_may_create'.
mdd_dir.c:336: 'pobj' is passed to function 'mdd_may_create'.
mdd_dir.c:348: mdd_is_dead_obj(pobj) is false
mdd_dir.c:365: 'pobj' is dereferenced by passing argument 2 to function 'mdd_permission_internal_locked'.
mdd_internal.h:508: 'obj' is passed to function 'mdd_permission_internal_locked'.
mdd_internal.h:513: 'obj' is dereferenced by passing argument 2 to function '__mdd_permission_internal'.
mdd_permission.c:243: 'obj' is passed to function '__mdd_permission_internal'.
mdd_permission.c:265: 'obj' is dereferenced by passing argument 1 to function 'mdd_is_immutable'.
mdd_internal.h:425: 'obj' is passed to function 'mdd_is_immutable'.
mdd_internal.h:427: 'obj' is explicitly dereferenced.

345        check_create = mask & MAY_CREATE;
346        check_link = mask & MAY_LINK;
347        check_unlink = mask & MAY_UNLINK;
348        check_rename_src = mask & MAY_RENAME_SRC;
349        check_rename_tar = mask & MAY_RENAME_TAR;
350        check_vtx_part = mask & MAY_VTX_PART;
351        check_vtx_full = mask & MAY_VTX_FULL;
352        check_rgetfacl = mask & MAY_RGETFACL;
353
354        mask &= ~(MAY_CREATE | MAY_LINK |
355                MAY_UNLINK |
356                MAY_RENAME_SRC | MAY_RENAME_TAR |
357                MAY_VTX_PART | MAY_VTX_FULL |
358                MAY_RGETFACL);
359
360	rc = mdd_permission_internal_locked(env, mdd_cobj, cattr, mask,
361					MOR_TGT_CHILD);
362		
363	if (!rc && check_create)
364		rc = mdd_may_create(env, mdd_pobj, pattr, mdd_cobj, true);
365
366	if (!rc && check_unlink)
367		rc = mdd_may_unlink(env, mdd_pobj, pattr, cattr);
368
369	if (!rc && (check_rename_src || check_rename_tar))
370		rc = mdd_may_delete(env, mdd_pobj, pattr, mdd_cobj, cattr, NULL,
371				1, check_rename_tar);

Comments

Comment by Dmitry Eremin (Inactive) [ 06/May/16 ]

Fixed by ~~LU-6450~~

Generated at Sat Feb 10 01:51:58 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.

[LU-5494] mdd: Null pointer may be passed to function that may dereference it Created: 15/Aug/14 Updated: 06/May/16 Resolved: 06/May/16