Feature #2692
open
100: TTY should not be NULL when it is passed to TTY processing functions
100%
Description
TTY functions don't check whether a TTY passed to them is NULL or not (see this, for instance). Sometimes this leads to null pointer dereferences. We should verify that this cannot happen, i.e. determine the list of such TTY functions and make a corresponding rule.
BTW, I guess that we do need to change our rules naming scheme. The most obvious option for me is to use our bugs/rules classification. With its help the given rule can be named specific:check_params:tty. Now I'm going to use the name 100_1 to distinguish this rule from the previous ones...
Updated by Evgeny Novikov over 12 years ago
- Priority changed from High to Normal
The first implementation of the rule will be available soon in commit 7317750 of the master branch. It does find one of the classifier bugs (commit 1dfa93a of the linux-stable git repository).
Updated by Evgeny Novikov over 12 years ago
Note that the tty_kref_put function checks its parameter (TTY) itself. So, it shouldn't be checked:

    void tty_kref_put(struct tty_struct *tty)
    {
        if (tty)
            kref_put(&tty->kref, queue_release_one_tty);
    }
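A user-space model of the rule discussed in this issue, added here as an illustration and not taken from the rule implementation in the commits mentioned above. `struct tty_struct` is a constructed stand-in, and `tty_arg_ok`, `model_tty_hangup`, `model_tty_kref_put` and the `driver_close_*` callers are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's struct tty_struct. */
struct tty_struct { int kref; int hung_up; };

static int rule_violations; /* NULL TTYs that reached a function under the rule */

/* Hypothetical rule hook, run on entry to each function under the rule. */
static int tty_arg_ok(const struct tty_struct *tty, const char *fn)
{
    if (tty)
        return 1;
    rule_violations++;
    fprintf(stderr, "rule 100_1: NULL tty passed to %s\n", fn);
    return 0;
}

/* Model of a TTY processing function that uses its argument unconditionally. */
static void model_tty_hangup(struct tty_struct *tty)
{
    if (!tty_arg_ok(tty, __func__))
        return; /* the modelled function would dereference NULL here */
    tty->hung_up = 1;
}

/* Same shape as tty_kref_put: it checks its own parameter, so no hook. */
static void model_tty_kref_put(struct tty_struct *tty)
{
    if (tty)
        tty->kref--;
}

/* Caller that passes the TTY on without checking it. */
static void driver_close_unchecked(struct tty_struct *tty)
{
    model_tty_hangup(tty);
    model_tty_kref_put(tty);
}

/* Caller that guards the function under the rule. */
static void driver_close_checked(struct tty_struct *tty)
{
    if (tty)
        model_tty_hangup(tty);
    model_tty_kref_put(tty);
}
```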
Updated by Evgeny Novikov over 12 years ago
Evgeny Novikov wrote:
Note that the tty_kref_put function checks its parameter (TTY) itself. So, it shouldn't be checked:
[...]
Fixed in commit a09b005 of the master branch.
Updated by Alexey Khoroshilov over 12 years ago
- Subject changed from We should check that TTY isn't NULL when it's passed to TTY processing functions to 100: We should check that TTY isn't NULL when it's passed to TTY processing functions
Updated by Evgeny Novikov over 12 years ago
- Assignee changed from Evgeny Novikov to Mikhail Mandrykin
I guess that this is one of the promising rules, so Mikhail may investigate it, complete it, create tests and make launches with different kernel versions.
Updated by Mikhail Mandrykin over 12 years ago
- Status changed from Open to Resolved
Updated by Evgeny Novikov almost 10 years ago
- Subject changed from 100: We should check that TTY isn't NULL when it's passed to TTY processing functions to 100: TTY should not be NULL when it is passed to TTY processing functions