mail archive of the barebox mailing list
* [PATCH v6] lib: fix dereferencing of a NULL pointer
@ 2024-10-21 15:43 Abdelrahman Youssef via B4 Relay
  2024-10-21 16:14 ` Ahmad Fatoum
  2024-10-22  8:14 ` Sascha Hauer
  0 siblings, 2 replies; 3+ messages in thread
From: Abdelrahman Youssef via B4 Relay @ 2024-10-21 15:43 UTC (permalink / raw)
  To: Sascha Hauer, BAREBOX; +Cc: Abdelrahman Youssef

From: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>

Runtime error reported by AddressSanitizer due to a NULL pointer dereference.

This is the stack trace:
    #0 0x5b2550e70c4b in get_param_by_name /barebox/lib/parameter.c:56:2
    #1 0x5b2550e70c4b in __dev_add_param /barebox/lib/parameter.c:153:6
    #2 0x5b2550e71666 in __dev_add_param_int /barebox/lib/parameter.c:471:8
    #3 0x5b2550daece8 in dev_add_param_uint32 /barebox/include/param.h:266:1
    #4 0x5b2550daece8 in dos_partition /barebox/common/partitions/dos.c:289:2
    #5 0x5b2550dadc62 in fuzz_partition_table_parser /barebox/common/partitions.c:331:10
    #6 0x5b2550dadc62 in fuzz_partition_table_parser_ramdisk /barebox/common/partitions.c:344:1
    #7 0x5b2550ebb94d in fuzz_test_once /barebox/include/fuzz.h:68:2
    #8 0x5b2550ebb94d in fuzz_main /barebox/lib/fuzz.c:38:3
    #9 0x5b2550d8eb41 in start_barebox /barebox/common/startup.c:381:3
    #10 0x5b2550f4ea6d in sandbox_main (/barebox/images/main.elf+0x411a6d) (BuildId: dfdb3401891b94e86545eddb1502f0815ffd0afb)
    #11 0x5b2550f4f2b2 in start_barebox_coop fuzz.c

Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
---
 lib/parameter.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/parameter.c b/lib/parameter.c
index bf9e83152b..21fa9e7e70 100644
--- a/lib/parameter.c
+++ b/lib/parameter.c
@@ -51,6 +51,9 @@ const char *get_param_type(struct param_d *param)
 
 struct param_d *get_param_by_name(struct device *dev, const char *name)
 {
+	if (!dev)
+		return NULL;
+
 	struct param_d *p;
 
 	list_for_each_entry(p, &dev->parameters, list) {
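Review bot: the guard inserted at the top of get_param_by_name masks the bug rather than fixing it. With dev == NULL the function now returns NULL, which the caller at lib/parameter.c:153 (frame #1, __dev_add_param) cannot distinguish from a valid device that simply has no parameter of that name, so the device that was never allocated on the dos_partition path (frame #4) goes unnoticed and the NULL dev is carried on past the lookup. The NULL originates on the fuzz harness path (frames #5 and #6), so the check belongs there, or at the dev_add_param entry point where it can return an error instead of "not found". As a style point, `if (!dev)` is placed before the declaration `struct param_d *p;`; if a guard is kept at all, put it after the declaration.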

---
base-commit: 9d47ff66c3892c5a6ddd4704993365a797fbeb68
change-id: 20241021-null_der-1378213f0da2

Best regards,
-- 
Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>





^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v6] lib: fix dereferencing of a NULL pointer
  2024-10-21 15:43 [PATCH v6] lib: fix dereferencing of a NULL pointer Abdelrahman Youssef via B4 Relay
@ 2024-10-21 16:14 ` Ahmad Fatoum
  2024-10-22  8:14 ` Sascha Hauer
  1 sibling, 0 replies; 3+ messages in thread
From: Ahmad Fatoum @ 2024-10-21 16:14 UTC (permalink / raw)
  To: abdelrahmanyossef12, Sascha Hauer, BAREBOX

Hello,

Why is this v6? Do you need to reset your b4 setup somehow? :-)

Tip: with b4 send --reflect and --dry-run, you can check what the patches
look like before sending them.

On 21.10.24 17:43, Abdelrahman Youssef via B4 Relay wrote:
> From: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
> 
> Runtime error reported by AddressSanitizer due to a NULL pointer dereference.
> 
> This is the stack trace:
>     #0 0x5b2550e70c4b in get_param_by_name /barebox/lib/parameter.c:56:2
>     #1 0x5b2550e70c4b in __dev_add_param /barebox/lib/parameter.c:153:6
>     #2 0x5b2550e71666 in __dev_add_param_int /barebox/lib/parameter.c:471:8
>     #3 0x5b2550daece8 in dev_add_param_uint32 /barebox/include/param.h:266:1
>     #4 0x5b2550daece8 in dos_partition /barebox/common/partitions/dos.c:289:2
>     #5 0x5b2550dadc62 in fuzz_partition_table_parser /barebox/common/partitions.c:331:10
>     #6 0x5b2550dadc62 in fuzz_partition_table_parser_ramdisk /barebox/common/partitions.c:344:1
>     #7 0x5b2550ebb94d in fuzz_test_once /barebox/include/fuzz.h:68:2
>     #8 0x5b2550ebb94d in fuzz_main /barebox/lib/fuzz.c:38:3
>     #9 0x5b2550d8eb41 in start_barebox /barebox/common/startup.c:381:3
>     #10 0x5b2550f4ea6d in sandbox_main (/barebox/images/main.elf+0x411a6d) (BuildId: dfdb3401891b94e86545eddb1502f0815ffd0afb)
>     #11 0x5b2550f4f2b2 in start_barebox_coop fuzz.c
> 
> Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
> ---
>  lib/parameter.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/lib/parameter.c b/lib/parameter.c
> index bf9e83152b..21fa9e7e70 100644
> --- a/lib/parameter.c
> +++ b/lib/parameter.c
> @@ -51,6 +51,9 @@ const char *get_param_type(struct param_d *param)
>  
>  struct param_d *get_param_by_name(struct device *dev, const char *name)
>  {
> +	if (!dev)
> +		return NULL;

I don't think that's the correct place to fix this. The pointer shouldn't have been
NULL in the first place. The problem seems with the fuzzing infrastructure not
allocating a device for the ramdisks.

I'll look into a fix and push it to my Github branch.

Cheers,
Ahmad

> +
>  	struct param_d *p;
>  
>  	list_for_each_entry(p, &dev->parameters, list) {
> 
> ---
> base-commit: 9d47ff66c3892c5a6ddd4704993365a797fbeb68
> change-id: 20241021-null_der-1378213f0da2
> 
> Best regards,


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 3+ messages in thread
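Ahmad's point above, that the NULL should be rejected where the device is (not) allocated rather than papered over in the lookup, as an added example. This is not barebox code: the struct layouts, the singly linked parameter list and the dev_add_param() signature are constructed for the illustration. It shows why a guard in a leaf lookup is ambiguous (NULL means both "no device" and "no such parameter") whereas a check at the registration entry point yields a distinct error code:

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-ins for barebox's struct device and struct param_d.
 * Field names, the singly linked list and the dev_add_param() signature
 * are assumptions made for this example, not barebox's real API.
 */
struct param_d {
	const char *name;
	struct param_d *next;
};

struct device {
	const char *name;
	struct param_d *parameters;	/* list head, NULL when empty */
};

/*
 * Leaf lookup, deliberately without a NULL guard: the contract is
 * "dev is a valid device", and a NULL dev is a bug in the caller.
 */
static struct param_d *get_param_by_name(struct device *dev, const char *name)
{
	struct param_d *p;

	for (p = dev->parameters; p; p = p->next)
		if (strcmp(p->name, name) == 0)
			return p;

	return NULL;
}

/*
 * Variant equivalent to the v6 patch: the guard lives in the lookup.
 * Its NULL result cannot be told apart from "no parameter of that name".
 */
static struct param_d *get_param_by_name_guarded(struct device *dev,
						 const char *name)
{
	if (!dev)
		return NULL;
	return get_param_by_name(dev, name);
}

/*
 * Registration entry point: validate the arguments once, at the API
 * boundary, and report a distinct error instead of silently carrying on.
 * This is the layer at which an unallocated ramdisk device is caught.
 */
static int dev_add_param(struct device *dev, struct param_d *param)
{
	if (!dev || !param || !param->name)
		return -EINVAL;
	if (get_param_by_name(dev, param->name))
		return -EEXIST;

	param->next = dev->parameters;
	dev->parameters = param;
	return 0;
}

int main(void)
{
	struct device ramdisk = { "ramdisk0", NULL };
	struct param_d part = { "partition.0", NULL };

	printf("add to valid dev: %d\n", dev_add_param(&ramdisk, &part));
	printf("add again: %d (-EEXIST)\n", dev_add_param(&ramdisk, &part));
	printf("add to NULL dev: %d (-EINVAL)\n", dev_add_param(NULL, &part));
	/* guarded lookup: NULL for a NULL device and NULL for a missing name */
	printf("guarded: NULL dev -> %p, missing name -> %p\n",
	       (void *)get_param_by_name_guarded(NULL, "partition.0"),
	       (void *)get_param_by_name_guarded(&ramdisk, "missing"));
	return 0;
}
```

The unguarded get_param_by_name() keeps its contract narrow, so a fuzzer crashes at the first deref and points at the caller that broke it; dev_add_param() turns the same mistake into -EINVAL that the partition parser can propagate. The guarded variant makes both failure modes look identical to its caller.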

* Re: [PATCH v6] lib: fix dereferencing of a NULL pointer
  2024-10-21 15:43 [PATCH v6] lib: fix dereferencing of a NULL pointer Abdelrahman Youssef via B4 Relay
  2024-10-21 16:14 ` Ahmad Fatoum
@ 2024-10-22  8:14 ` Sascha Hauer
  1 sibling, 0 replies; 3+ messages in thread
From: Sascha Hauer @ 2024-10-22  8:14 UTC (permalink / raw)
  To: Abdelrahman Youssef via B4 Relay; +Cc: BAREBOX, Abdelrahman Youssef

Hi,

When sending a new series you have to start over b4 with

b4 prep -n <topic> -f master

As your old series (which went up to v5) was applied you can delete the
branch.

That said, no need to resend just for this.

Sascha

On Mon, Oct 21, 2024 at 06:43:03PM +0300, Abdelrahman Youssef via B4 Relay wrote:
> From: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
> 
> Runtime error reported by AddressSanitizer due to a NULL pointer dereference.
> 
> This is the stack trace:
>     #0 0x5b2550e70c4b in get_param_by_name /barebox/lib/parameter.c:56:2
>     #1 0x5b2550e70c4b in __dev_add_param /barebox/lib/parameter.c:153:6
>     #2 0x5b2550e71666 in __dev_add_param_int /barebox/lib/parameter.c:471:8
>     #3 0x5b2550daece8 in dev_add_param_uint32 /barebox/include/param.h:266:1
>     #4 0x5b2550daece8 in dos_partition /barebox/common/partitions/dos.c:289:2
>     #5 0x5b2550dadc62 in fuzz_partition_table_parser /barebox/common/partitions.c:331:10
>     #6 0x5b2550dadc62 in fuzz_partition_table_parser_ramdisk /barebox/common/partitions.c:344:1
>     #7 0x5b2550ebb94d in fuzz_test_once /barebox/include/fuzz.h:68:2
>     #8 0x5b2550ebb94d in fuzz_main /barebox/lib/fuzz.c:38:3
>     #9 0x5b2550d8eb41 in start_barebox /barebox/common/startup.c:381:3
>     #10 0x5b2550f4ea6d in sandbox_main (/barebox/images/main.elf+0x411a6d) (BuildId: dfdb3401891b94e86545eddb1502f0815ffd0afb)
>     #11 0x5b2550f4f2b2 in start_barebox_coop fuzz.c
> 
> Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
> ---
>  lib/parameter.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/lib/parameter.c b/lib/parameter.c
> index bf9e83152b..21fa9e7e70 100644
> --- a/lib/parameter.c
> +++ b/lib/parameter.c
> @@ -51,6 +51,9 @@ const char *get_param_type(struct param_d *param)
>  
>  struct param_d *get_param_by_name(struct device *dev, const char *name)
>  {
> +	if (!dev)
> +		return NULL;
> +
>  	struct param_d *p;
>  
>  	list_for_each_entry(p, &dev->parameters, list) {
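Review bot: the new check is inserted before `struct param_d *p;`, putting a statement ahead of a declaration in the same block; if the guard stays, move it below the declaration. More importantly, returning NULL here makes a NULL dev look like "parameter not found" to __dev_add_param at lib/parameter.c:153 (frame #1 of the trace), so the harness path in frames #5 and #6 that passes a device it never allocated keeps going undetected; reject NULL at the registration entry point or fix the harness instead.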
> 
> ---
> base-commit: 9d47ff66c3892c5a6ddd4704993365a797fbeb68
> change-id: 20241021-null_der-1378213f0da2
> 
> Best regards,
> -- 
> Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-10-22  8:16 UTC | newest]
