mirror of
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
synced 2024-11-15 22:15:13 +08:00
c90d25e96b
Reported by -fanalyzer. If kernel did not send full qdisc
info, then uninitialized or null data could be referenced.
q_prio.c: In function ‘prio_print_opt’:
q_prio.c:105:57: warning: dereference of NULL ‘0’ [CWE-476] [-Wanalyzer-null-dereference]
105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
| ~~~~^~~~~~~
‘prio_print_opt’: event 1
|
| 98 | if (opt == NULL)
| | ^
| | |
| | (1) following ‘false’ branch (when ‘opt’ is non-NULL)...
|
‘prio_print_opt’: event 2
|
|../include/uapi/linux/rtnetlink.h:228:38:
| 228 | #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
| | ~~~~~~^~~~~~~~~~
| | |
| | (2) ...to here
../include/libnetlink.h:236:19: note: in expansion of macro ‘RTA_PAYLOAD’
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
| | ^~~~~~~~~~~
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
‘prio_print_opt’: event 3
|
|../include/libnetlink.h:236:59:
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
‘prio_print_opt’: events 4-5
|
| 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
| | ~~~~^~~~~~~
| | |
| | (4) ...to here
| | (5) dereference of NULL ‘<unknown>’
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| e_bpf.c | ||
| em_canid.c | ||
| em_cmp.c | ||
| em_ipset.c | ||
| em_ipt.c | ||
| em_meta.c | ||
| em_nbyte.c | ||
| em_u32.c | ||
| emp_ematch.l | ||
| emp_ematch.y | ||
| f_basic.c | ||
| f_bpf.c | ||
| f_cgroup.c | ||
| f_flow.c | ||
| f_flower.c | ||
| f_fw.c | ||
| f_matchall.c | ||
| f_route.c | ||
| f_rsvp.c | ||
| f_tcindex.c | ||
| f_u32.c | ||
| m_action.c | ||
| m_bpf.c | ||
| m_connmark.c | ||
| m_csum.c | ||
| m_ct.c | ||
| m_ctinfo.c | ||
| m_ematch.c | ||
| m_ematch.h | ||
| m_estimator.c | ||
| m_gact.c | ||
| m_gate.c | ||
| m_ife.c | ||
| m_ipt.c | ||
| m_mirred.c | ||
| m_mpls.c | ||
| m_nat.c | ||
| m_pedit.c | ||
| m_pedit.h | ||
| m_police.c | ||
| m_sample.c | ||
| m_simple.c | ||
| m_skbedit.c | ||
| m_skbmod.c | ||
| m_tunnel_key.c | ||
| m_vlan.c | ||
| m_xt_old.c | ||
| m_xt.c | ||
| Makefile | ||
| p_eth.c | ||
| p_icmp.c | ||
| p_ip6.c | ||
| p_ip.c | ||
| p_tcp.c | ||
| p_udp.c | ||
| q_atm.c | ||
| q_cake.c | ||
| q_cbq.c | ||
| q_cbs.c | ||
| q_choke.c | ||
| q_clsact.c | ||
| q_codel.c | ||
| q_drr.c | ||
| q_dsmark.c | ||
| q_etf.c | ||
| q_ets.c | ||
| q_fifo.c | ||
| q_fq_codel.c | ||
| q_fq_pie.c | ||
| q_fq.c | ||
| q_gred.c | ||
| q_hfsc.c | ||
| q_hhf.c | ||
| q_htb.c | ||
| q_ingress.c | ||
| q_mqprio.c | ||
| q_multiq.c | ||
| q_netem.c | ||
| q_pie.c | ||
| q_plug.c | ||
| q_prio.c | ||
| q_qfq.c | ||
| q_red.c | ||
| q_sfb.c | ||
| q_sfq.c | ||
| q_skbprio.c | ||
| q_taprio.c | ||
| q_tbf.c | ||
| static-syms.c | ||
| tc_cbq.c | ||
| tc_cbq.h | ||
| tc_class.c | ||
| tc_common.h | ||
| tc_core.c | ||
| tc_core.h | ||
| tc_estimator.c | ||
| tc_exec.c | ||
| tc_filter.c | ||
| tc_monitor.c | ||
| tc_qdisc.c | ||
| tc_qevent.c | ||
| tc_qevent.h | ||
| tc_red.c | ||
| tc_red.h | ||
| tc_stab.c | ||
| tc_util.c | ||
| tc_util.h | ||
| tc.c | ||