On Monday, 14 August 2017, 14:25:49 CEST, Plauth, Max wrote:

Hi Max,

> Dear linux-crypto community,
> 
> I think I might have run into a bug in crypto/scatterwalk.c:
> - at the end of scatterwalk_pagedone, sg_next(walk->sg) is fed as an
> argument to scatterwalk_start(...)
> - sg_next (lib/scatterlist.c) returns NULL in the case of sg_is_last(sg)
> - In this case, NULL is being fed into scatterwalk_start
> - there, a NULL value of *sg leads to a NULL pointer dereference:
> walk->sg = sg;
> walk->offset = sg->offset;
> 
> I stumbled across this issue when I tried to extend the cryptodev-linux
> Kernel module with support for compression algorithms
> (https://github.com/plauth/cryptodev-linux).

You are quite right that this looks like a NULL pointer. But you should never 
run into this problem because the scatterwalk length definition should ensure 
that this never happens. I.e. the scatterwalk length should not be longer than 
the underlying SGL.

Thus, the bug you report is rather a bug in the scatterlist / scatterwalk 
length definition.

Ciao
Stephan
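
The length invariant described in the reply above, as an added userspace C model (not kernel code and not part of the original thread). `struct sg_model`, `model_sg_next`, `model_walk` and `demo_walk` are hypothetical stand-ins for `struct scatterlist`, `sg_next()` and a walker; the sample list is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace stand-in for struct scatterlist (not the kernel type). */
struct sg_model {
    size_t offset;
    size_t length;
    int is_last;                     /* models sg_is_last() */
};

/* Models sg_next(): returns NULL after the last entry. */
static struct sg_model *model_sg_next(struct sg_model *sg)
{
    return sg->is_last ? NULL : sg + 1;
}

/* Walk nbytes over the list. Returns 0 on success, -1 when nbytes is longer
 * than the list, i.e. where an unchecked walker would read sg->offset from
 * the NULL returned by the "next" step. */
static int model_walk(struct sg_model *sg, size_t nbytes)
{
    while (nbytes > 0) {
        if (sg == NULL)
            return -1;               /* length exceeds the underlying list */
        size_t step = nbytes < sg->length ? nbytes : sg->length;
        nbytes -= step;
        if (step == sg->length)
            sg = model_sg_next(sg);  /* entry consumed, move on */
    }
    return 0;
}

/* Constructed sample: two entries, 16 + 32 = 48 bytes in total. */
static int demo_walk(size_t nbytes)
{
    struct sg_model sgl[2] = {
        { .offset = 0, .length = 16, .is_last = 0 },
        { .offset = 0, .length = 32, .is_last = 1 },
    };
    return model_walk(sgl, nbytes);
}

int main(void)
{
    printf("walk 48 bytes: %d\n", demo_walk(48));
    printf("walk 49 bytes: %d\n", demo_walk(49));
    return 0;
}
```
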
