Feature #2692
open
100: TTY should not be NULL when it is passed to TTY processing functions
Added by Evgeny Novikov about 12 years ago.
Updated over 9 years ago.
Description
TTY functions don't check whether a passed to them TTY is NULL or not (see this, for instance). Sometimes it leads to null pointer dereferences. We should verify that this cannot happen, i.e. determine the list of such the TTY functions and make corresponding rule.
BTW, I guess that we do need to change our rules naming scheme. Most obvious for me to use our bugs/rules classification. With help of it the given rule can be named specific:check_params:tty. Now I'm going to use name 100_1 to distinguish this rule from the previous ones...
- Priority changed from High to Normal
First implementation of the rule will be available soon in commit 7317750 of the master branch. It does find one of classifier bug (commit 1dfa93a of linux-stable git repository).
Note, that tty_kref_put function checks its parameter (TTY) itself. So, it shouldn't be checked:
void tty_kref_put(struct tty_struct *tty)
{
if (tty)
kref_put(&tty->kref, queue_release_one_tty);
}
Evgeny Novikov wrote:
Note, that tty_kref_put function checks its parameter (TTY) itself. So, it shouldn't be checked:
[...]
Fixed in commit a09b005 of the master branch.
- Subject changed from We should check that TTY isn't NULL when it's passed to TTY processing functions to 100: We should check that TTY isn't NULL when it's passed to TTY processing functions
- Assignee changed from Evgeny Novikov to Mikhail Mandrykin
I guess that this is one of promising rules, so Mikhail may investigate it, complete it, create tests and make launches with different kernel versions.
- Status changed from Open to Resolved
- % Done changed from 0 to 100
- Subject changed from 100: We should check that TTY isn't NULL when it's passed to TTY processing functions to 100: TTY should not be NULL when it is passed to TTY processing functions
Also available in: Atom
PDF