Feature #2692

100: TTY should not be NULL when it is passed to TTY processing functions

Added by Evgeny Novikov over 5 years ago. Updated over 2 years ago.

Status:ResolvedStart date:04/03/2012
Priority:NormalDue date:
Assignee:Mikhail Mandrykin% Done:

100%

Category:-
Target version:-
Published in build:

Description

TTY functions don't check whether a passed to them TTY is NULL or not (see this, for instance). Sometimes it leads to null pointer dereferences. We should verify that this cannot happen, i.e. determine the list of such the TTY functions and make corresponding rule.
BTW, I guess that we do need to change our rules naming scheme. Most obvious for me to use our bugs/rules classification. With help of it the given rule can be named specific:check_params:tty. Now I'm going to use name 100_1 to distinguish this rule from the previous ones...

History

#1 Updated by Evgeny Novikov over 5 years ago

  • Priority changed from High to Normal

First implementation of the rule will be available soon in commit 7317750 of the master branch. It does find one of classifier bug (commit 1dfa93a of linux-stable git repository).

#2 Updated by Evgeny Novikov over 5 years ago

Note, that tty_kref_put function checks its parameter (TTY) itself. So, it shouldn't be checked:


void tty_kref_put(struct tty_struct *tty)
{
        if (tty)
                kref_put(&tty->kref, queue_release_one_tty);
}

#3 Updated by Evgeny Novikov over 5 years ago

Evgeny Novikov wrote:

Note, that tty_kref_put function checks its parameter (TTY) itself. So, it shouldn't be checked:
[...]

Fixed in commit a09b005 of the master branch.

#4 Updated by Alexey Khoroshilov over 5 years ago

  • Subject changed from We should check that TTY isn't NULL when it's passed to TTY processing functions to 100: We should check that TTY isn't NULL when it's passed to TTY processing functions

#5 Updated by Evgeny Novikov about 5 years ago

  • Assignee changed from Evgeny Novikov to Mikhail Mandrykin

I guess that this is one of promising rules, so Mikhail may investigate it, complete it, create tests and make launches with different kernel versions.

#6 Updated by Mikhail Mandrykin about 5 years ago

  • Status changed from Open to Resolved

#7 Updated by Mikhail Mandrykin about 5 years ago

  • % Done changed from 0 to 100

#8 Updated by Evgeny Novikov over 2 years ago

  • Subject changed from 100: We should check that TTY isn't NULL when it's passed to TTY processing functions to 100: TTY should not be NULL when it is passed to TTY processing functions

Also available in: Atom PDF