On 2021/3/8 18:19, Heiner Kallweit wrote:
On 08.03.2021 10:31, Jia-Ju Bai wrote:
When sock_alloc_send_skb() returns NULL to skb, no error return code of
dgram_sendmsg() is assigned.
To fix this bug, err is assigned with -ENOMEM in this case.

Please stop sending such nonsense. Basically all such patches you
sent so far are false positives. You have to start thinking,
don't blindly trust your robot.
In the case here the err variable is populated by sock_alloc_send_skb().

Ah, sorry, it is my fault :(
I did not notice that the err variable is populated by sock_alloc_send_skb().
I will think more carefully before sending patches.

By the way, I wonder how to report and discuss possible bugs that I am not quite sure of? Some people told me that sending patches is better than reporting bugs via Bugzilla, so I write the patches of these possible bugs...
Do you have any advice?

Thanks a lot!


Best wishes,
Jia-Ju Bai

Fixes: 78f821b64826 ("ieee802154: socket: put handling into one file")
Reported-by: TOTE Robot <os...@tsinghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com>
---
  net/ieee802154/socket.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index a45a0401adc5..a750b37c7e73 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -642,8 +642,10 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr 
*msg, size_t size)
        skb = sock_alloc_send_skb(sk, hlen + tlen + size,
                                  msg->msg_flags & MSG_DONTWAIT,
                                  &err);
-       if (!skb)
+       if (!skb) {
+               err = -ENOMEM;
                goto out_dev;
+       }
skb_reserve(skb, hlen);

Reply via email to