Hi,
On 24/07/2019 11:02, Christoph Hellwig wrote:
> On Wed, Jul 24, 2019 at 09:48:38AM +0100, Steven Whitehouse wrote:
>> Hi,
>>
>> On 24/07/2019 09:43, Jia-Ju Bai wrote:
>>> In gfs2_alloc_inode(), when kmem_cache_alloc() on line 1724 returns
>>> NULL, ip is assigned to NULL. In this case, "return &ip->i_inode" will
>>> cause a null-pointer dereference.
>>>
>>> To fix this null-pointer dereference, NULL is returned when ip is NULL.
>>>
>>> This bug is found by a static analysis tool STCheck written by us.
>>
>> The bug is in the tool I'm afraid. Since i_inode is the first element of ip,
>> there is no NULL dereference here. A pointer to ip->i_inode and a pointer to
>> ip are one and the same (bar the differing types) which is the reason that
>> we return &ip->i_inode rather than just ip,
>
> But that doesn't help if ip is NULL, as dereferencing a field in it
> still remains invalid behavior.
We are not dereferencing it though really, we are taking the address of
the field... we could have written:
return (struct inode *)ip;
and it would have the same effect, so far as I can tell. I don't mind
changing it, if that is perhaps a clearer way to write the same thing,
rather than &ip->i_inode;
Steve.
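As an added illustration of the point being argued above (this is not code from the thread, nor from the gfs2 tree), here is a user-space C mock of the layout in question. `struct inode` and `struct gfs2_inode` are cut-down stand-ins, `fake_cache_alloc()` stands in for kmem_cache_alloc() with a switch to force the failure path, and `GFS2_I()` mirrors the kernel's container_of() pattern; all of these are assumptions for the demo, not the real definitions. It shows that `&ip->i_inode` and `(struct inode *)ip` are the same address because i_inode sits at offset 0, pins that layout assumption with a compile-time check (the kernel would use BUILD_BUG_ON() for this), and writes the failure path with an explicit NULL test: under the C standard `ip->i_inode` with a NULL ip is still a member access on a null pointer, which UBSan reports and which a compiler may take as proof that ip is non-NULL. The kernel builds with -fno-delete-null-pointer-checks, which blunts that optimisation and is part of why the original code behaves in practice, but the explicit check is the form that does not depend on either the struct layout or a compiler flag.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>

/* Cut-down stand-ins for the kernel's struct inode and struct gfs2_inode
 * (hypothetical, not the real definitions). The one property that matters
 * here is reproduced: i_inode is the first member of struct gfs2_inode. */
struct inode {
	unsigned long i_ino;
};

struct gfs2_inode {
	struct inode i_inode;     /* must stay first: (struct inode *)ip relies on it */
	unsigned long i_no_addr;  /* some gfs2-private state after the VFS inode */
};

/* Pin the layout assumption at compile time, as BUILD_BUG_ON() would in the
 * kernel: reordering the struct would otherwise break the cast silently. */
_Static_assert(offsetof(struct gfs2_inode, i_inode) == 0,
	       "i_inode must be the first member of struct gfs2_inode");

/* container_of() as the kernel defines it, minus the type checking. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Recover the gfs2_inode from its embedded VFS inode (mirrors gfs2's GFS2_I()). */
static struct gfs2_inode *GFS2_I(struct inode *inode)
{
	return container_of(inode, struct gfs2_inode, i_inode);
}

/* Stand-in for kmem_cache_alloc(): 'fail' simulates allocation failure so the
 * NULL path can be exercised deterministically. */
static struct gfs2_inode *fake_cache_alloc(int fail)
{
	return fail ? NULL : calloc(1, sizeof(struct gfs2_inode));
}

/* The form from the thread. Correct whenever allocation succeeds; when ip is
 * NULL, ip->i_inode is a member access on a null pointer, which the C standard
 * leaves undefined even though no load is emitted (UBSan reports it). For that
 * reason this function is only ever called here with fail == 0. */
static struct inode *alloc_inode_unchecked(int fail)
{
	struct gfs2_inode *ip = fake_cache_alloc(fail);

	return &ip->i_inode;
}

/* The same allocator with the failure path spelled out: no member access on
 * NULL, and the reader does not need to know the struct layout. */
static struct inode *alloc_inode_checked(int fail)
{
	struct gfs2_inode *ip = fake_cache_alloc(fail);

	if (!ip)
		return NULL;
	return &ip->i_inode;
}

/* Release an inode from either allocator by going back through the container,
 * which is how a real free path reaches the cache object. */
static void free_inode(struct inode *inode)
{
	if (inode)
		free(GFS2_I(inode));
}

/* Exercise the identity both sides of the thread rely on: for a live object,
 * &ip->i_inode, (struct inode *)ip and GFS2_I() all name the same memory.
 * Returns 1 on success, 0 on any mismatch or allocation failure. */
static int first_member_aliases_container(void)
{
	struct gfs2_inode *ip = fake_cache_alloc(0);
	struct inode *inode;
	int ok;

	if (!ip)
		return 0;
	inode = &ip->i_inode;
	ip->i_no_addr = 0x1234;
	ok = (void *)inode == (void *)ip
	     && inode == (struct inode *)ip
	     && GFS2_I(inode) == ip
	     && GFS2_I(inode)->i_no_addr == 0x1234;
	free(ip);
	return ok;
}

int main(void)
{
	struct inode *inode;

	assert(first_member_aliases_container());
	inode = alloc_inode_unchecked(0);
	assert(inode != NULL);
	free_inode(inode);
	assert(alloc_inode_checked(1) == NULL);   /* failure path hands back NULL */
	inode = alloc_inode_checked(0);
	assert(inode != NULL);
	free_inode(inode);
	return 0;
}
```

Building this with `-fsanitize=undefined` and calling `alloc_inode_unchecked(1)` is the quickest way to see the difference between the two forms: the checked version is silent, the unchecked one reports a member access within a null pointer even though it returns the expected NULL.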