[LU-5594] Null pointer may be dereferenced in libcfs_ioctl_handle() Created: 08/Sep/14  Updated: 12/Jan/18  Resolved: 12/Jan/18

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Dmitry Eremin (Inactive) Assignee: Dmitry Eremin (Inactive)
Resolution: Fixed Votes: 0
Labels: kw

Issue Links:
Related
is related to LU-2753 Tracking bug for static code analysis... Resolved
Severity: 3
Rank (Obsolete): 15616

Description

Null pointer 'data' that comes from line 228 may be dereferenced at line 253. There are also two similar errors at lines 266 and 278.

225		static int libcfs_ioctl_handle(struct cfs_psdev_file *pfile, unsigned long cmd,
226					       void *arg, struct libcfs_ioctl_hdr *hdr)
227		{
228			struct libcfs_ioctl_data *data = NULL;
229			int err;
230			ENTRY;
231		
232			/* The libcfs_ioctl_data_adjust() function performs adjustment
233			 * operations on the libcfs_ioctl_data structure to make
234			 * it usable by the code.  This doesn't need to be called
235			 * for new data structures added. */
236			if (hdr->ioc_version == LIBCFS_IOCTL_VERSION) {
237				data = container_of(hdr, struct libcfs_ioctl_data, ioc_hdr);
238				err = libcfs_ioctl_data_adjust(data);
239				if (err != 0) {
240					RETURN(err);
241				}
242			}
243		
244			switch (cmd) {
245			case IOC_LIBCFS_CLEAR_DEBUG:
246				libcfs_debug_clear_buffer();
247				RETURN(0);
248			/*
249			 * case IOC_LIBCFS_PANIC:
250			 * Handled in arch/cfs_module.c
251			 */
252			case IOC_LIBCFS_MARK_DEBUG:
253				if (data->ioc_inlbuf1 == NULL ||
254				    data->ioc_inlbuf1[data->ioc_inllen1 - 1] != '\0')
255					RETURN(-EINVAL);
256				libcfs_debug_mark_buffer(data->ioc_inlbuf1);
257				RETURN(0);
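The defect the analyzer reports is a control-flow one: `data` is only assigned when `hdr->ioc_version` equals `LIBCFS_IOCTL_VERSION`, yet the `IOC_LIBCFS_MARK_DEBUG` case (and the cases at lines 266 and 278) dereference it unconditionally, so a caller that passes a header with any other version value reaches the dereference with `data == NULL`. The following is an added, self-contained model of the handler written for this ticket; it is not Lustre's code and not the patch that resolved the issue. The structures, the `LIBCFS_IOCTL_VERSION` value, the command numbers and the stubbed `libcfs_*` helpers are all simplified assumptions, and the remedy shown (refuse a command that needs the legacy `libcfs_ioctl_data` layout when `data` is NULL) is one straightforward way to close the gap the report describes.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified, constructed stand-ins for the Lustre types used by the handler.
 * The version constant and command numbers are placeholders for this example. */
#define LIBCFS_IOCTL_VERSION 0x0001000a

enum {
	IOC_LIBCFS_CLEAR_DEBUG = 1,
	IOC_LIBCFS_MARK_DEBUG  = 2,
};

struct libcfs_ioctl_hdr {
	unsigned int ioc_len;
	unsigned int ioc_version;
};

struct libcfs_ioctl_data {
	struct libcfs_ioctl_hdr ioc_hdr;   /* must be first, as container_of() assumes */
	unsigned int ioc_inllen1;
	char *ioc_inlbuf1;
};

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Stubs standing in for the real libcfs helpers; they only record what was called. */
static char last_mark[64];

static int libcfs_ioctl_data_adjust(struct libcfs_ioctl_data *data) { (void)data; return 0; }
static void libcfs_debug_clear_buffer(void) { last_mark[0] = '\0'; }
static void libcfs_debug_mark_buffer(const char *s) { snprintf(last_mark, sizeof last_mark, "%s", s); }

/* Hardened handler. The only change relative to the ticket's listing is the
 * explicit NULL check before the legacy-structure commands touch 'data'. */
int libcfs_ioctl_handle_hardened(unsigned long cmd, struct libcfs_ioctl_hdr *hdr)
{
	struct libcfs_ioctl_data *data = NULL;
	int err;

	/* Only a header of the known version carries the full libcfs_ioctl_data. */
	if (hdr->ioc_version == LIBCFS_IOCTL_VERSION) {
		data = container_of(hdr, struct libcfs_ioctl_data, ioc_hdr);
		err = libcfs_ioctl_data_adjust(data);
		if (err != 0)
			return err;
	}

	switch (cmd) {
	case IOC_LIBCFS_CLEAR_DEBUG:
		/* Does not need 'data', so any header version is acceptable here. */
		libcfs_debug_clear_buffer();
		return 0;
	case IOC_LIBCFS_MARK_DEBUG:
		/* The fix: this command requires the legacy layout, so a header of
		 * another version (data == NULL) is rejected instead of dereferenced. */
		if (data == NULL)
			return -EINVAL;
		/* Same string validation as the original; a zero length is also
		 * rejected so the index below cannot wrap around. */
		if (data->ioc_inlbuf1 == NULL || data->ioc_inllen1 == 0 ||
		    data->ioc_inlbuf1[data->ioc_inllen1 - 1] != '\0')
			return -EINVAL;
		libcfs_debug_mark_buffer(data->ioc_inlbuf1);
		return 0;
	default:
		return -ENOTTY;
	}
}

/* Scenario helpers so the behaviour can be checked without a kernel. */
int scenario_valid_mark(void)
{
	static char msg[] = "hello";            /* constructed, NUL-terminated */
	struct libcfs_ioctl_data d;
	memset(&d, 0, sizeof d);
	d.ioc_hdr.ioc_len = sizeof d;
	d.ioc_hdr.ioc_version = LIBCFS_IOCTL_VERSION;
	d.ioc_inllen1 = sizeof msg;             /* includes the terminator */
	d.ioc_inlbuf1 = msg;
	return libcfs_ioctl_handle_hardened(IOC_LIBCFS_MARK_DEBUG, &d.ioc_hdr);
}

/* A header whose version does not match: the original code would dereference NULL here. */
int scenario_other_version(unsigned long cmd)
{
	struct libcfs_ioctl_hdr hdr = { sizeof hdr, LIBCFS_IOCTL_VERSION + 1 };
	return libcfs_ioctl_handle_hardened(cmd, &hdr);
}

const char *last_marked(void) { return last_mark; }

int main(void)
{
	printf("valid mark:              %d\n", scenario_valid_mark());
	printf("other version, mark:     %d\n", scenario_other_version(IOC_LIBCFS_MARK_DEBUG));
	printf("other version, clear:    %d\n", scenario_other_version(IOC_LIBCFS_CLEAR_DEBUG));
	return 0;
}
```

The `IOC_LIBCFS_CLEAR_DEBUG` path is left accepting any header version because it never reads `data`, which is the behaviour the original listing already has; only the commands that read the legacy structure gain the check. When applying this pattern to the real handler, each of the three flagged cases (lines 253, 266 and 278) needs the same guard, or the guard belongs once before the `switch` if every remaining command requires `data`.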

Generated at Sat Feb 10 01:52:50 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.