Bug 13852
| Summary: | found a possible null pointer dereference | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | Martin Ettl (ettl.martin) |
| Component: | Network | Assignee: | drivers_network (drivers_network) |
| Status: | CLOSED OBSOLETE | ||
| Severity: | normal | CC: | alan |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 2.6.30 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Hello, i have checked to sources of the linux kernel with the static code analyis tool cppcheck. It found a possible null pointer usage in file linux-2.6.30/drivers/net/tun.c at line 489. Take a look at file tun.c: static unsigned int tun_chr_poll(struct file *file, poll_table * wait) { struct tun_file *tfile = file->private_data; struct tun_struct *tun = __tun_get(tfile); 489 struct sock *sk = tun->sk; unsigned int mask = 0; 491 if (!tun) return POLLERR; .... Indeed, the pointer tun is used (see line 489) and at line 491 is checked if he is null. A possible way out might be: static unsigned int tun_chr_poll(struct file *file, poll_table * wait) { struct tun_file *tfile = file->private_data; struct tun_struct *tun = __tun_get(tfile); if (!tun) return POLLERR; struct sock *sk = tun->sk; unsigned int mask = 0; Best regards Ettl Martin