[Static Analysis][Dereference of null pointer] Function m_dup_pkthdr from netwerk/sctp/src/user_mbuf.c could potentially lead to a null pointer dereference

RESOLVED WONTFIX

Status

()

Core
Networking
RESOLVED WONTFIX
3 years ago
2 years ago

People

(Reporter: andi, Assigned: andi)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(firefox45 affected)

Details

Attachments

(1 attachment)

(Assignee)

Description

3 years ago
The Static Analysis tool Scan-Build added a null pointer dereference in function m_dup_pkthdr for pointers to and from.
(Assignee)

Comment 2

2 years ago
Comment on attachment 8690719 [details] [diff] [review]
Bug 1227055.diff

Hello Patrick,

Could you please take a look other this patch?

THX
Attachment #8690719 - Flags: review?(mcmanus)
Comment on attachment 8690719 [details] [diff] [review]
Bug 1227055.diff

we are actually a downstream consumer of this code - :jesup can shepherd
Attachment #8690719 - Flags: review?(mcmanus) → review?(rjesup)

Updated

2 years ago
Attachment #8690719 - Flags: review?(rjesup) → review+
Michael - for upstreaming
Flags: needinfo?(tuexen)

Comment 5

2 years ago
KASSERT() needs two arguments. I have added the suggested protection code
with correct syntax in

https://github.com/sctplab/usrsctp/commit/12775c1e8104116df9916b2114aa93a4d65519e3

Please note that this is a no-op unless you compile with INVARIANTS, which
is not done by Firefox (which is good).
If you compile with INVARIANTS, you will see an error message.
In any case, if one of the pointers is NULL, you will die...

Please use the patch committed upstream.
Flags: needinfo?(tuexen)
dealt with upstream
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.