On Wed, Sep 03, 2014 at 08:14:07AM +0000, Gleb Smirnoff wrote:
> Author: glebius
> Date: Wed Sep  3 08:14:07 2014
> New Revision: 270999
> URL: http://svnweb.freebsd.org/changeset/base/270999
> 
> Log:
>   Fix dereference after NULL check.
>   
>   CID:                1234607
>   Sponsored by:       Nginx, Inc.
> 
> Modified:
>   head/sys/kern/kern_proc.c
> 
> Modified: head/sys/kern/kern_proc.c
> ==============================================================================
> --- head/sys/kern/kern_proc.c Wed Sep  3 08:13:46 2014        (r270998)
> +++ head/sys/kern/kern_proc.c Wed Sep  3 08:14:07 2014        (r270999)
> @@ -921,10 +921,11 @@ fill_kinfo_proc_only(struct proc *p, str
>       kp->ki_xstat = p->p_xstat;
>       kp->ki_acflag = p->p_acflag;
>       kp->ki_lock = p->p_lock;
> -     if (p->p_pptr)
> +     if (p->p_pptr) {
>               kp->ki_ppid = proc_realparent(p)->p_pid;
> -     if (p->p_flag & P_TRACED)
> -             kp->ki_tracer = p->p_pptr->p_pid;
> +             if (p->p_flag & P_TRACED)
> +                     kp->ki_tracer = p->p_pptr->p_pid;
> +     }
>  }
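Review bot: nesting the P_TRACED check inside `if (p->p_pptr) {` means that for a traced process with a NULL p_pptr the new code silently skips `kp->ki_tracer = p->p_pptr->p_pid;` instead of faulting on the dereference, so the implicit invariant that P_TRACED implies a non-NULL parent pointer is no longer enforced anywhere in this function and nothing records why the two conditions are now coupled. If the goal is only to satisfy the analyzer (CID 1234607 in the log), consider keeping the two checks independent and stating the invariant explicitly, e.g. `KASSERT(p->p_pptr != NULL, ("P_TRACED process without parent"));` ahead of the ki_tracer assignment, so the finding is resolved without hiding a broken invariant behind a check that is expected never to fail.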

If P_TRACED is set, p_pptr must be non-NULL.  Or in reverse, only the kernel
process (pid 0) may have p_pptr as NULL, and it cannot be traced.
Previous code contained an assertion (triggered by paging hardware) that
p_pptr is not NULL if P_TRACED is set.

It is Coverity which cannot deduce the invariant.  I do not expect any
analyzer to be able to make the implication, though.
