Bug 34522

Summary: Error-valued pointer overwrite in SCSI
Product: SCSI Drivers Reporter: Cindy Rubio (crubio)
Component: OtherAssignee: scsi_drivers-other
Status: CLOSED CODE_FIX    
Severity: normal CC: alan
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.38.3 Subsystem:
Regression: No Bisected commit-id:

Description Cindy Rubio 2011-05-04 20:37:28 UTC 
We have statically analyzed SCSI, the VFS and the Memory Management module to find error-valued pointers that are overwritten without first being checked for errors. We have found one potential overwrite:

drivers/scsi/scsi_scan.c:639: overwriting potential non-tentative unchecked error in variable "*bflags", which may contain one of the following error codes: *EINVAL

Here is a sample trace that illustrates how the overwrite might occur:

include/linux/err.h:24: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:268:"cabs2cil_" receives an error from function "ERR_PTR"
drivers/scsi/scsi_devinfo.c:268:"tmp___8" receives an error from "cabs2cil_"
drivers/scsi/scsi_devinfo.c:268:"tmp___8" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268:"tmp" receives an error from "tmp___8"
drivers/scsi/scsi_devinfo.c:268:"tmp" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268:"tmp___7" receives an error from "tmp"
drivers/scsi/scsi_devinfo.c:268:"tmp___7" may have an unchecked error
drivers/scsi/scsi_devinfo.c:268: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:477:"devinfo_table" receives an error from function "scsi_devinfo_lookup_by_key"
drivers/scsi/scsi_devinfo.c:479:"devinfo_table" may have an unchecked error
drivers/scsi/scsi_devinfo.c:480:"devinfo_table" may have an unchecked error
include/linux/err.h:29: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:480:"cabs2cil____0" receives an error from function "PTR_ERR"
drivers/scsi/scsi_devinfo.c:480:"tmp___19" receives an error from "cabs2cil____0"
drivers/scsi/scsi_devinfo.c:480:"tmp___17" receives an error from "tmp___19"
drivers/scsi/scsi_devinfo.c:480:"tmp___7" receives an error from "tmp___17"
drivers/scsi/scsi_devinfo.c:480: an unchecked error may be returned
drivers/scsi/scsi_devinfo.c:451:"tmp___7" receives an error from function "scsi_get_device_flags_keyed"
drivers/scsi/scsi_devinfo.c:451: an unchecked error may be returned
drivers/scsi/scsi_scan.c:639:"*bflags" receives an error from function "scsi_get_device_flags"
drivers/scsi/scsi_scan.c:644:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:645:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:646:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:655:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:656:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:657:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:658:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:573:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:578:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:581:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:582:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:583:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:585:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:587:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:592:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:596:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:603:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:605:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:609:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:578:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:581:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:582:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:583:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:585:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:587:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:592:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:596:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:603:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:620:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:623:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:624:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:625:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:626:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:628:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:629:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:630:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:639:"*bflags" may have an unchecked error
drivers/scsi/scsi_scan.c:639: overwriting potential non-tentative unchecked error in variable "*bflags"