[OpenWrt-Devel] [PATCH libubox 9/9] avl: guard against theoretical null pointer dereference

Yousong Zhou yszhou4tech at gmail.com
Wed Nov 20 09:01:22 EST 2019


On Wed, 20 Nov 2019 at 21:46, Yousong Zhou <yszhou4tech at gmail.com> wrote:
>
> On Wed, 20 Nov 2019 at 21:33, Petr Štetiar <ynezz at true.cz> wrote:
> >
> > Yousong Zhou <yszhou4tech at gmail.com> [2019-11-20 20:33:06]:
> >
> > Hi,
> >
> > thanks for review!
> >
> > > The first check (node->left == NULL && node->right == NULL) if
> > > matched, will return.
> >
> > You can see the code path leading to null pointer dereference for yourself[1].
> > I wish the analyzer could output a test case directly :-) I wanted to write
> > a test case myself in order to verify it, but it's quite time consuming so I
> > rather decided to move on with this simple silencer.
> >
> > 1. https://ynezz.gitlab.io/-/openwrt-libubox/-/jobs/355230141/artifacts/build/scan/2019-11-19-163708-203-1/index.html
>
> The graph is very impressive.  It requires the fiddler to first point
> node->parent to a stranger whose left and right children are both not
> node itself ;)  In that case, I prefer the program just segfault.  No
> way it should continue or recover.
>

By the way, will assert(node->parent != NULL) suffice to inform the
analyzer of the underlying details?  If it does, we could also apply it
to b64_encode(), b64_decode().

                yousong
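
The state discussed in this thread (node->parent pointing at a node that has node as neither its left nor its right child), written out as an added example that is not part of the original message and is not libubox code. struct tnode, parent_link_ok() and detach_leaf() are hypothetical names; the sample tree in main() is constructed.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical minimal tree node; NOT libubox's struct avl_node. */
struct tnode {
    struct tnode *parent, *left, *right;
};

/* Invariant: a root has no parent; any other node is exactly one
 * of its parent's two children. */
static bool parent_link_ok(const struct tnode *node)
{
    if (node->parent == NULL)
        return true;
    return (node->parent->left == node) != (node->parent->right == node);
}

/* Unlink a leaf from its parent. Returns false without touching the
 * tree when the parent link is inconsistent (the "stranger" case). */
static bool detach_leaf(struct tnode *node)
{
    /* Precondition stated for readers and analyzers; assert() is
     * compiled out when NDEBUG is defined. */
    assert(node->left == NULL && node->right == NULL);
    if (!parent_link_ok(node))
        return false;
    if (node->parent != NULL) {
        if (node->parent->left == node)
            node->parent->left = NULL;
        else
            node->parent->right = NULL;
        node->parent = NULL;
    }
    return true;
}

int main(void)
{
    /* Constructed sample: root with one left leaf, plus an unrelated node. */
    struct tnode root = { NULL, NULL, NULL };
    struct tnode leaf = { &root, NULL, NULL };
    struct tnode stranger = { NULL, NULL, NULL };
    root.left = &leaf;

    leaf.parent = &stranger;              /* corrupted parent pointer */
    bool rejected = !detach_leaf(&leaf);
    leaf.parent = &root;                  /* restore a consistent link */
    return (rejected && detach_leaf(&leaf) && root.left == NULL) ? 0 : 1;
}
```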
