Bug 13852 - found a possible null pointer dereference
Summary: found a possible null pointer dereference
Status: CLOSED OBSOLETE
Alias: None
Product: Drivers
Classification: Unclassified
Component: Network (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: drivers_network@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-07-27 12:47 UTC by Martin Ettl
Modified: 2012-06-13 14:23 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.30
Subsystem:
Regression: No
Bisected commit-id:


Attachments

Description Martin Ettl 2009-07-27 12:47:28 UTC
Hello,

i have checked to sources of the linux kernel with the static code analyis tool cppcheck. It found a possible null pointer usage in file linux-2.6.30/drivers/net/tun.c at line 489.

Take a look at file tun.c:

static unsigned int tun_chr_poll(struct file *file, poll_table * wait)
{
	struct tun_file *tfile = file->private_data;
	struct tun_struct *tun = __tun_get(tfile);
489	struct sock *sk = tun->sk;
	unsigned int mask = 0;

491	if (!tun)
		return POLLERR;

....

Indeed, the pointer tun is used (see line 489) and at line 491 is checked if he is null. 

A possible way out might be:

static unsigned int tun_chr_poll(struct file *file, poll_table * wait)
{
	struct tun_file *tfile = file->private_data;
	struct tun_struct *tun = __tun_get(tfile);

	if (!tun)
		return POLLERR;

	struct sock *sk = tun->sk;
	unsigned int mask = 0;



Best regards

Ettl Martin

Note You need to log in before you can comment on or make changes to this bug.