Reported by -fanalyzer. If kernel did not send full qdisc
info, then uninitialized or null data could be referenced.
q_prio.c: In function ‘prio_print_opt’:
q_prio.c:105:57: warning: dereference of NULL ‘0’ [CWE-476] [-Wanalyzer-null-dereference]
105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
| ~~~~^~~~~~~
‘prio_print_opt’: event 1
|
| 98 | if (opt == NULL)
| | ^
| | |
| | (1) following ‘false’ branch (when ‘opt’ is non-NULL)...
|
‘prio_print_opt’: event 2
|
|../include/uapi/linux/rtnetlink.h:228:38:
| 228 | #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
| | ~~~~~~^~~~~~~~~~
| | |
| | (2) ...to here
../include/libnetlink.h:236:19: note: in expansion of macro ‘RTA_PAYLOAD’
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
| | ^~~~~~~~~~~
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
‘prio_print_opt’: event 3
|
|../include/libnetlink.h:236:59:
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
‘prio_print_opt’: events 4-5
|
| 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
| | ~~~~^~~~~~~
| | |
| | (4) ...to here
| | (5) dereference of NULL ‘<unknown>’
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
sizeof(*qopt)))
return -1;
+ if (qopt == NULL)
+ return -1; /* missing data from kernel */
print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
open_json_array(PRINT_ANY, "priomap");
projects / thirdparty / iproute2.git / commitdiff
