On Tue, Jun 15, 2021 at 08:38:33PM +0800, Zhiqiang Liu wrote:
> 
> ndctl_pfn_get_namespace() may return NULL, so callers
> should check its return value. Otherwise, they may
> dereference a NULL pointer.
> 

Hi Zhiqiang,

I see you mentioned this was found by Coverity in the cover letter.
Please repeat that in the commit log here.

What about the call path:
ndctl_dax_get_namespace() --> ndctl_pfn_get_namespace()

Seems like another place where ndctl_pfn_get_namespace() could
eventually lead to a NULL ptr dereference.

Alison

> Signed-off-by: Zhiqiang Liu <[email protected]>
> ---
>  ndctl/namespace.c | 18 ++++++++++++++----
>  test/libndctl.c   |  4 ++--
>  util/json.c       |  2 ++
>  3 files changed, 18 insertions(+), 6 deletions(-)
> 
> diff --git a/ndctl/namespace.c b/ndctl/namespace.c
> index 0c8df9f..21089d7 100644
> --- a/ndctl/namespace.c
> +++ b/ndctl/namespace.c
> @@ -1417,11 +1417,16 @@ static int nstype_clear_badblocks(struct 
> ndctl_namespace *ndns,
> 
>  static int dax_clear_badblocks(struct ndctl_dax *dax)
>  {
> -     struct ndctl_namespace *ndns = ndctl_dax_get_namespace(dax);
> -     const char *devname = ndctl_dax_get_devname(dax);
> +     struct ndctl_namespace *ndns;
> +     const char *devname;
>       unsigned long long begin, size;
>       int rc;
> 
> +     ndns = ndctl_dax_get_namespace(dax);
> +     if (!ndns)
> +             return -ENXIO;
> +
> +     devname = ndctl_dax_get_devname(dax);
>       begin = ndctl_dax_get_resource(dax);
>       if (begin == ULLONG_MAX)
>               return -ENXIO;
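Review bot: The declarations of `ndns` and `devname` did not need to be split from their initialisers to add this check; the original two lines can stay and `if (!ndns) return -ENXIO;` can follow the declaration block, as the util/json.c hunk in this patch already does. That keeps the change to the lines that fix the defect and makes the NULL guard easier to audit. The same applies to the pfn_clear_badblocks() hunk below. The new return also shares -ENXIO with the resource check that follows, so a caller cannot tell a missing namespace from a missing resource; a one-line comment such as `/* no backing namespace, nothing to clear */` would at least record the intent. The function body continues past the end of the hunk.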
> @@ -1441,11 +1446,16 @@ static int dax_clear_badblocks(struct ndctl_dax *dax)
> 
>  static int pfn_clear_badblocks(struct ndctl_pfn *pfn)
>  {
> -     struct ndctl_namespace *ndns = ndctl_pfn_get_namespace(pfn);
> -     const char *devname = ndctl_pfn_get_devname(pfn);
> +     struct ndctl_namespace *ndns;
> +     const char *devname;
>       unsigned long long begin, size;
>       int rc;
> 
> +     ndns = ndctl_pfn_get_namespace(pfn);
> +     if (!ndns)
> +             return -ENXIO;
> +
> +     devname = ndctl_pfn_get_devname(pfn);
>       begin = ndctl_pfn_get_resource(pfn);
>       if (begin == ULLONG_MAX)
>               return -ENXIO;
> diff --git a/test/libndctl.c b/test/libndctl.c
> index 24d72b3..05e5ff2 100644
> --- a/test/libndctl.c
> +++ b/test/libndctl.c
> @@ -1275,7 +1275,7 @@ static int check_pfn_autodetect(struct ndctl_bus *bus,
>               if (!ndctl_pfn_is_enabled(pfn))
>                       continue;
>               pfn_ndns = ndctl_pfn_get_namespace(pfn);
> -             if (strcmp(ndctl_namespace_get_devname(pfn_ndns), devname) != 0)
> +             if (!pfn_ndns || strcmp(ndctl_namespace_get_devname(pfn_ndns), 
> devname) != 0)
>                       continue;
>               fprintf(stderr, "%s: pfn_ndns: %p ndns: %p\n", __func__,
>                               pfn_ndns, ndns);
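Review bot: The rewritten condition in check_pfn_autodetect() runs to roughly 90 columns at the indentation shown, past the 80-column limit that kernel-style code normally keeps, and it folds the NULL guard into an unrelated string comparison. A separate guard ahead of the untouched strcmp line reads better: `if (!pfn_ndns)` followed by `continue;`. Since this is a test, silently skipping an enabled pfn that has no namespace may also hide a real failure, so printing a message there may be worthwhile; the visible lines do not settle that. The same condition appears in the check_dax_autodetect() hunk below, and both loops start and end outside their hunks.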
> @@ -1372,7 +1372,7 @@ static int check_dax_autodetect(struct ndctl_bus *bus,
>               if (!ndctl_dax_is_enabled(dax))
>                       continue;
>               dax_ndns = ndctl_dax_get_namespace(dax);
> -             if (strcmp(ndctl_namespace_get_devname(dax_ndns), devname) != 0)
> +             if (!dax_ndns || strcmp(ndctl_namespace_get_devname(dax_ndns), 
> devname) != 0)
>                       continue;
>               fprintf(stderr, "%s: dax_ndns: %p ndns: %p\n", __func__,
>                               dax_ndns, ndns);
> diff --git a/util/json.c b/util/json.c
> index ca0167b..249f021 100644
> --- a/util/json.c
> +++ b/util/json.c
> @@ -1002,6 +1002,8 @@ static struct json_object 
> *util_pfn_badblocks_to_json(struct ndctl_pfn *pfn,
>       pfn_begin = ndctl_pfn_get_resource(pfn);
>       if (pfn_begin == ULLONG_MAX) {
>               struct ndctl_namespace *ndns = ndctl_pfn_get_namespace(pfn);
> +             if (!ndns)
> +                     return NULL;
> 
>               return util_namespace_badblocks_to_json(ndns, bb_count, flags);
>       }
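Review bot: The added `if (!ndns)` sits directly under the declaration of `ndns`, and the blank line is left after the new return instead. Kernel coding style expects a blank line between declarations and the first statement, so the order should be: the declaration, a blank line, `if (!ndns)`, `return NULL;`, then the existing return. It is also not visible here whether callers of util_pfn_badblocks_to_json() treat NULL as "no badblocks" or as an error, so a short comment on the new return stating which is meant would help. The function starts before and continues after the hunk.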
> -- 
> 2.23.0
> 
> 
> 
> 
> .
> 
> 
> 
