[linux-usb-devel] [patch] Fwd: [CHECKER] 54 missing null pointer checks in 2.4.17

Mon, 10 Jun 2002 00:14:38 -0700 

These are some of the usb relevant bugs from the latest round of checker 
reports, posted to lkml. I compared these reports to 2.4.19-pre10 and 2.5.21. 
Patches are _compile_ tested only, but look good to me. Please review and 
consider merging upstream, ideally before 2.4.19.

Brad

------------------------
[BUG]
/u2/engler/mc/oses/linux/2.4.17/drivers/usb/catc.c:621:catc_probe:
 ERROR:NULL:620:621:Passing unknown ptr "catc"! as arg 0 to call "memset"!
 set by 'kmalloc':620 [COUNTER=kmalloc:620] [fit=1] [fit_fn=15] [fn_ex=0]
 [fn_counter=1] [ex=1399] [counter=26] [z = 5.50002098543802] [fn-z =
 -4.35889894354067] if (usb_set_interface(usbdev, ifnum, 1)) {
                err("Can't set altsetting 1.");
                return NULL;
        }
Start --->
        catc = kmalloc(sizeof(struct catc), GFP_KERNEL);
Error --->
        memset(catc, 0, sizeof(struct catc));
        netdev = init_etherdev(0, 0);
---------------------------------------------------------

---------------------------------------------------------
[BUG]
/u2/engler/mc/oses/linux/2.4.17/drivers/usb/catc.c:625:catc_probe:
 ERROR:NULL:623:625:Using ptr "netdev" illegally! set by 'init_etherdev':623
 [COUNTER=init_etherdev:623] [fit=32] [fit_fn=1] [fn_ex=0] [fn_counter=1]
 [ex=18] [counter=3] [z = -1.95244207985486] [fn-z = -4.35889894354067] }
        catc = kmalloc(sizeof(struct catc), GFP_KERNEL);
        memset(catc, 0, sizeof(struct catc));
Start --->
        netdev = init_etherdev(0, 0);
Error --->
        netdev->open = catc_open;
        netdev->hard_start_xmit = catc_hard_start_xmit;
        netdev->stop = catc_stop;
        netdev->get_stats = catc_get_stats;
---------------------------------------------------------
bradh: These two bugs were fixed in 2.5, and not backported. Attached patch 
does the backport to 2.4.19-pre10.


---------------------------------------------------------
[BUG]
/u2/engler/mc/oses/linux/2.4.17/drivers/usb/se401.c:1430:se401_init:
 ERROR:NULL:1427:1430:Using ptr "(*se401).width" illegally! set by
 'kmalloc_Rsmp_93d4cfe6':1427 [COUNTER=kmalloc_Rsmp_93d4cfe6:1427] [fit=46]
 [fit_fn=4] [fn_ex=0] [fn_counter=3] [ex=59] [counter=9] [z =
 -3.11592335081808] [fn-z = -7.54983443527075] return 1;
        }
        sprintf (temp, "ExtraFeatures: %d", cp[3]);
        se401->sizes=cp[4]+cp[5]*256;
Start --->
        se401->width=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        se401->height=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        for (i=0; i<se401->sizes; i++) {
Error --->
                    se401->width[i]=cp[6+i*4+0]+cp[6+i*4+1]*256;
                    se401->height[i]=cp[6+i*4+2]+cp[6+i*4+3]*256;
        }
        sprintf (temp, "%s Sizes:", temp);
---------------------------------------------------------
[BUG]
/u2/engler/mc/oses/linux/2.4.17/drivers/usb/se401.c:1435:se401_init:
 ERROR:NULL:1427:1435:Using ptr "(*se401).width" illegally! set by
 'kmalloc_Rsmp_93d4cfe6':1427 [COUNTER=kmalloc_Rsmp_93d4cfe6:1427] [fit=46]
 [fit_fn=4] [fn_ex=0] [fn_counter=3] [ex=59] [counter=9] [z =
 -3.11592335081808] [fn-z = -7.54983443527075] return 1;
        }
        sprintf (temp, "ExtraFeatures: %d", cp[3]);
        se401->sizes=cp[4]+cp[5]*256;
Start --->
        se401->width=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        se401->height=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        for (i=0; i<se401->sizes; i++) {
                    se401->width[i]=cp[6+i*4+0]+cp[6+i*4+1]*256;
                    se401->height[i]=cp[6+i*4+2]+cp[6+i*4+3]*256;
        }
        sprintf (temp, "%s Sizes:", temp);
        for (i=0; i<se401->sizes; i++) {
Error --->
                sprintf(temp, "%s %dx%d", temp, se401->width[i], se401->height[i]);
        }
        info("%s", temp);
        se401->maxframesize=se401->width[se401->sizes-1]*se401->height[se401->sizes-
1]*3; ---------------------------------------------------------
[BUG]
/u2/engler/mc/oses/linux/2.4.17/drivers/usb/se401.c:1438:se401_init:
 ERROR:NULL:1427:1438:Using ptr "(*se401).width" illegally! set by
 'kmalloc_Rsmp_93d4cfe6':1427 [COUNTER=kmalloc_Rsmp_93d4cfe6:1427] [fit=46]
 [fit_fn=4] [fn_ex=0] [fn_counter=3] [ex=59] [counter=9] [z =
 -3.11592335081808] [fn-z = -7.54983443527075] return 1;
        }
        sprintf (temp, "ExtraFeatures: %d", cp[3]);
        se401->sizes=cp[4]+cp[5]*256;
Start --->
        se401->width=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        se401->height=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        for (i=0; i<se401->sizes; i++) {
                    se401->width[i]=cp[6+i*4+0]+cp[6+i*4+1]*256;
                    se401->height[i]=cp[6+i*4+2]+cp[6+i*4+3]*256;
        }
        sprintf (temp, "%s Sizes:", temp);
        for (i=0; i<se401->sizes; i++) {
                sprintf(temp, "%s %dx%d", temp, se401->width[i], se401->height[i]);
        }
        info("%s", temp);
Error --->
        se401->maxframesize=se401->width[se401->sizes-1]*se401->height[se401->sizes-
1]*3; rc=se401_sndctrl(0, se401, SE401_REQ_GET_WIDTH, 0, cp, sizeof(cp));
 se401->cwidth=cp[0]+cp[1]*256;
---------------------------------------------------------
[BUG]
/u2/engler/mc/oses/linux/2.4.17/drivers/usb/se401.c:1431:se401_init:
 ERROR:NULL:1428:1431:Using ptr "(*se401).height" illegally! set by
 'kmalloc_Rsmp_93d4cfe6':1428 [COUNTER=kmalloc_Rsmp_93d4cfe6:1428] [fit=46]
 [fit_fn=5] [fn_ex=0] [fn_counter=3] [ex=59] [counter=9] [z =
 -3.11592335081808] [fn-z = -7.54983443527075] }
        sprintf (temp, "ExtraFeatures: %d", cp[3]);
        se401->sizes=cp[4]+cp[5]*256;
        se401->width=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
Start --->
        se401->height=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        for (i=0; i<se401->sizes; i++) {
                    se401->width[i]=cp[6+i*4+0]+cp[6+i*4+1]*256;
Error --->
                    se401->height[i]=cp[6+i*4+2]+cp[6+i*4+3]*256;
        }
        sprintf (temp, "%s Sizes:", temp);
        for (i=0; i<se401->sizes; i++) {
---------------------------------------------------------
[BUG]
/u2/engler/mc/oses/linux/2.4.17/drivers/usb/se401.c:1435:se401_init:
 ERROR:NULL:1428:1435:Using ptr "(*se401).height" illegally! set by
 'kmalloc_Rsmp_93d4cfe6':1428 [COUNTER=kmalloc_Rsmp_93d4cfe6:1428] [fit=46]
 [fit_fn=5] [fn_ex=0] [fn_counter=3] [ex=59] [counter=9] [z =
 -3.11592335081808] [fn-z = -7.54983443527075] }
        sprintf (temp, "ExtraFeatures: %d", cp[3]);
        se401->sizes=cp[4]+cp[5]*256;
        se401->width=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
Start --->
        se401->height=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        for (i=0; i<se401->sizes; i++) {
                    se401->width[i]=cp[6+i*4+0]+cp[6+i*4+1]*256;
                    se401->height[i]=cp[6+i*4+2]+cp[6+i*4+3]*256;
        }
        sprintf (temp, "%s Sizes:", temp);
        for (i=0; i<se401->sizes; i++) {
Error --->
                sprintf(temp, "%s %dx%d", temp, se401->width[i], se401->height[i]);
        }
        info("%s", temp);
        se401->maxframesize=se401->width[se401->sizes-1]*se401->height[se401->sizes-
1]*3; ---------------------------------------------------------
[BUG]
/u2/engler/mc/oses/linux/2.4.17/drivers/usb/se401.c:1438:se401_init:
 ERROR:NULL:1428:1438:Using ptr "(*se401).height" illegally! set by
 'kmalloc_Rsmp_93d4cfe6':1428 [COUNTER=kmalloc_Rsmp_93d4cfe6:1428] [fit=46]
 [fit_fn=5] [fn_ex=0] [fn_counter=3] [ex=59] [counter=9] [z =
 -3.11592335081808] [fn-z = -7.54983443527075] }
        sprintf (temp, "ExtraFeatures: %d", cp[3]);
        se401->sizes=cp[4]+cp[5]*256;
        se401->width=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
Start --->
        se401->height=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
        for (i=0; i<se401->sizes; i++) {
                    se401->width[i]=cp[6+i*4+0]+cp[6+i*4+1]*256;
                    se401->height[i]=cp[6+i*4+2]+cp[6+i*4+3]*256;
        }
        sprintf (temp, "%s Sizes:", temp);
        for (i=0; i<se401->sizes; i++) {
                sprintf(temp, "%s %dx%d", temp, se401->width[i], se401->height[i]);
        }
        info("%s", temp);
Error --->
        se401->maxframesize=se401->width[se401->sizes-1]*se401->height[se401->sizes-
1]*3; rc=se401_sndctrl(0, se401, SE401_REQ_GET_WIDTH, 0, cp, sizeof(cp));
 se401->cwidth=cp[0]+cp[1]*256;
---------------------------------------------------------
bradh: Null check added for width and height. This needs to go into 2.5 too, 
but I haven't done that yet.



Brad


diff -Naur -X dontdiff linux-2.4.19-pre10-clean/drivers/usb/catc.c linux-2.4.19-pre10-checker/drivers/usb/catc.c
--- linux-2.4.19-pre10-clean/drivers/usb/catc.c	Mon Jun 10 15:51:06 2002
+++ linux-2.4.19-pre10-checker/drivers/usb/catc.c	Mon Jun 10 15:59:00 2002
@@ -673,9 +673,16 @@
 	}
 
 	catc = kmalloc(sizeof(struct catc), GFP_KERNEL);
+	if (!catc)
+		return NULL;
+
 	memset(catc, 0, sizeof(struct catc));
 
 	netdev = init_etherdev(0, 0);
+	if (!netdev) {
+		kfree(catc);
+		return NULL;
+	}
 
 	netdev->open = catc_open;
 	netdev->hard_start_xmit = catc_hard_start_xmit;
diff -Naur -X dontdiff linux-2.4.19-pre10-clean/drivers/usb/se401.c linux-2.4.19-pre10-checker/drivers/usb/se401.c
--- linux-2.4.19-pre10-clean/drivers/usb/se401.c	Mon Jun 10 15:51:07 2002
+++ linux-2.4.19-pre10-checker/drivers/usb/se401.c	Mon Jun 10 16:06:29 2002
@@ -1425,7 +1425,13 @@
 
 	se401->sizes=cp[4]+cp[5]*256;
 	se401->width=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
+	if (NULL == (se401->width)) 
+		return 1;
 	se401->height=kmalloc(se401->sizes*sizeof(int), GFP_KERNEL);
+	if (NULL == (se401->height)) {
+		kfree(se401->width);
+		return 1;
+	}
 	for (i=0; i<se401->sizes; i++) {
 		    se401->width[i]=cp[6+i*4+0]+cp[6+i*4+1]*256;
 		    se401->height[i]=cp[6+i*4+2]+cp[6+i*4+3]*256;

Reply via email to