[LU-8128] static analysis tool detected potential NULL dereference in ldlm layer Created: 11/May/16  Updated: 30/Aug/23  Resolved: 13/May/16

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.7.0, Lustre 2.5.3, Lustre 2.8.0, Lustre 2.9.0
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: James A Simmons Assignee: Oleg Drokin
Resolution: Not a Bug Votes: 0
Labels: None

Issue Links:
Related
is related to LU-4629 Issues found by static analysis tools Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

Description

Dan Carpenter reported the following, which was detected by Parfait, an Oracle static analysis tool. This was discovered by Lidza Louina from Oracle.
Here is what was reported by the tool:

drivers/staging/lustre/lustre/ldlm/interval_tree.c
   399  void interval_erase(struct interval_node *node,
   400                      struct interval_node **root)
   401  {
   402          struct interval_node *child, *parent;
   403          int color;
   404  
   405          LASSERT(interval_is_intree(node));
   406          node->in_intree = 0;
   407          if (!node->in_left) {
   408                  child = node->in_right;
   409          } else if (!node->in_right) {
   410                  child = node->in_left;
   411          } else { /* Both left and right child are not NULL */
   412                  struct interval_node *old = node;
   413  
   414                  node = interval_next(node);
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^
It looks like interval_next() can return NULL.

   415                  child = node->in_right;
   416                  parent = node->in_parent;
   417                  color = node->in_color;
   418  

Here is the interval_next() function:

drivers/staging/lustre/lustre/ldlm/interval_tree.c
   111  static struct interval_node *interval_next(struct interval_node *node)
   112  {
   113          if (!node)
   114                  return NULL;
   115          if (node->in_right)
   116                  return interval_first(node->in_right);
   117          while (node->in_parent && node_is_right_child(node))
                       ^^^^^^^^^^^^^^^
We assume that ->in_parent can be NULL here.  Is that actually possible?

   118                  node = node->in_parent;
   119          return node->in_parent;
   120  }


Comments
Comment by Peter Jones [ 11/May/16 ]

Oleg is looking into this

Comment by Jinshan Xiong (Inactive) [ 13/May/16 ]

Since @node is obviously not NULL in the code snippet, interval_next() won't return NULL in that case.

Comment by Oleg Drokin [ 13/May/16 ]

When we call interval_next there, node->in_right is not NULL (checked above), so interval_next never gets to the while loop in question and goes under the if (node->in_right) condition that calls interval_first, which does not return NULL unless node itself is NULL, which cannot happen either in this case.

Comment by Oleg Drokin [ 13/May/16 ]

Also, thanks to Jinshan for clearing this out.
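
The reasoning in the description and in Oleg's comment, as an added example that is not Lustre's code: a minimal C reconstruction of the successor walk with the same control flow as the quoted interval_next(), run over a constructed five-node tree. It shows that the two-children branch of interval_erase() always calls interval_next() with in_right set, so the interval_first() path is taken and the result is never NULL; the NULL return is reserved for the in-order last node, where the while loop climbs to the root. The struct fields, the erase_replacement() helper and the tree shape are assumptions made for the example.

```c
#include <stddef.h>

/* Minimal stand-in for Lustre's struct interval_node (constructed; link fields only). */
struct interval_node {
	struct interval_node *in_left, *in_right, *in_parent;
};

/* Leftmost node of the subtree rooted at @node; NULL only when @node is NULL. */
static struct interval_node *interval_first(struct interval_node *node)
{
	if (!node)
		return NULL;
	while (node->in_left)
		node = node->in_left;
	return node;
}

static int node_is_right_child(const struct interval_node *node)
{
	return node->in_parent && node->in_parent->in_right == node;
}

/* In-order successor with the same control flow as the quoted interval_next(). */
static struct interval_node *interval_next(struct interval_node *node)
{
	if (!node)
		return NULL;
	if (node->in_right)
		return interval_first(node->in_right); /* non-NULL: in_right is set */
	while (node->in_parent && node_is_right_child(node))
		node = node->in_parent;
	return node->in_parent; /* NULL only for the last node in order */
}

/* Assumed mirror of the interval_erase() branch Parfait flagged: interval_next()
 * is only consulted when both children exist, i.e. with in_right != NULL. */
static struct interval_node *erase_replacement(struct interval_node *node)
{
	if (!node->in_left || !node->in_right)
		return node; /* erase splices @node itself out in these cases */
	return interval_next(node);
}

/* Constructed tree (in-order n1..n5):  n2 -> {n1, n4},  n4 -> {n3, n5} */
static struct interval_node n1, n2, n3, n4, n5;

static struct interval_node *build_tree(void) /* returns the root, n2 */
{
	n2.in_left = &n1; n2.in_right = &n4; n1.in_parent = n4.in_parent = &n2;
	n4.in_left = &n3; n4.in_right = &n5; n3.in_parent = n5.in_parent = &n4;
	return &n2;
}
```

Only n5, the in-order last node, makes interval_next() return NULL, and erase_replacement() never asks for the successor of a node without a right child.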

Generated at Sat Feb 10 02:14:53 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.