Project

General

Profile

Actions
Copy link

Feature #2692

open

100: TTY should not be NULL when it is passed to TTY processing functions

Added by Evgeny Novikov over 12 years ago. Updated almost 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Mikhail Mandrykin
Start date:
04/03/2012
Due date:
% Done:

100%

Estimated time:
Published in build:

Description

TTY functions don't check whether a passed to them TTY is NULL or not (see this, for instance). Sometimes it leads to null pointer dereferences. We should verify that this cannot happen, i.e. determine the list of such the TTY functions and make corresponding rule.
BTW, I guess that we do need to change our rules naming scheme. Most obvious for me to use our bugs/rules classification. With help of it the given rule can be named specific:check_params:tty. Now I'm going to use name 100_1 to distinguish this rule from the previous ones...

Actions
Copy link
 #1

Updated by Evgeny Novikov over 12 years ago

  • Priority changed from High to Normal

First implementation of the rule will be available soon in commit 7317750 of the master branch. It does find one of classifier bug (commit 1dfa93a of linux-stable git repository).

Actions
Copy link
 #2

Updated by Evgeny Novikov over 12 years ago

Note, that tty_kref_put function checks its parameter (TTY) itself. So, it shouldn't be checked:


void tty_kref_put(struct tty_struct *tty)
{
        if (tty)
                kref_put(&tty->kref, queue_release_one_tty);
}

Actions
Copy link
 #3

Updated by Evgeny Novikov over 12 years ago

Evgeny Novikov wrote:

Note, that tty_kref_put function checks its parameter (TTY) itself. So, it shouldn't be checked:
[...]

Fixed in commit a09b005 of the master branch.

Actions
Copy link
 #4

Updated by Alexey Khoroshilov over 12 years ago

  • Subject changed from We should check that TTY isn't NULL when it's passed to TTY processing functions to 100: We should check that TTY isn't NULL when it's passed to TTY processing functions
Actions
Copy link
 #5

Updated by Evgeny Novikov over 12 years ago

  • Assignee changed from Evgeny Novikov to Mikhail Mandrykin

I guess that this is one of promising rules, so Mikhail may investigate it, complete it, create tests and make launches with different kernel versions.

Actions
Copy link
 #6

Updated by Mikhail Mandrykin over 12 years ago

  • Status changed from Open to Resolved
Actions
Copy link
 #7

Updated by Mikhail Mandrykin over 12 years ago

  • % Done changed from 0 to 100
Actions
Copy link
 #8

Updated by Evgeny Novikov almost 10 years ago

  • Subject changed from 100: We should check that TTY isn't NULL when it's passed to TTY processing functions to 100: TTY should not be NULL when it is passed to TTY processing functions
Actions
Copy link

Also available in: Atom PDF