linux-4.2-rc6/fs/afs/server.c:210:Possible null pointer dereference
David Howells
dhowells at redhat.com
Mon Aug 10 10:24:11 PDT 2015
David Binderman <dcb314 at hotmail.com> wrote:
> Let's have another go. More detail:
>
> In the define, X is server->addr.s_addr, Y is addr.s_addr, OP is == and so
>
> !((X) OP (Y))
>
> evaluates to
>
> !((server->addr.s_addr == addr.s_addr))
>
> Since server is NULL, that looks like a NULL dereference to me.

No.

Let's have a closer look:

	#define ASSERTIFCMP(C, X, OP, Y) \
	do { \
		if (unlikely((C) && !((X) OP (Y)))) { \
			... \
		} \
	} while (0)

The "(C) &&" before the "!((X) OP (Y))" is very important. That's the guard.
If (C) evaluates to false, then the RHS of the && operator won't even be
evaluated. (C) is just "server". So if server is NULL, the dereference is
guaranteed not to happen by the C standard.
David
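
The guard discussed in the mail above, as an added example that is not part of the original message or the kernel source: a user-space stand-in for the macro showing that the X operand is never evaluated when C is NULL. ASSERTIFCMP_DEMO, read_addr, check_server and the two structs are hypothetical names, and a failure counter replaces the body the mail elides.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__GNUC__)
#define unlikely(x) __builtin_expect(!!(x), 0)
#else
#define unlikely(x) (!!(x))
#endif

static int assert_failures;  /* times the assertion body ran */
static int x_evaluations;    /* times the X operand was evaluated */

/* Stand-in for the macro in the mail: a counter replaces the elided body. */
#define ASSERTIFCMP_DEMO(C, X, OP, Y)                 \
do {                                                  \
	if (unlikely((C) && !((X) OP (Y))))           \
		assert_failures++;                    \
} while (0)

struct addr_demo { uint32_t s_addr; };
struct server_demo { struct addr_demo addr; };

/* The X operand: dereferences server and records that it did so. */
static uint32_t read_addr(const struct server_demo *server)
{
	x_evaluations++;
	return server->addr.s_addr;  /* would fault on a NULL server */
}

/* Runs the guarded check once; returns how often X was evaluated. */
static int check_server(const struct server_demo *server, uint32_t want)
{
	x_evaluations = 0;
	ASSERTIFCMP_DEMO(server, read_addr(server), ==, want);
	return x_evaluations;
}

int main(void)
{
	struct server_demo s = { { 0x0a000001u } };  /* constructed sample */

	printf("NULL server: X evaluated %d time(s)\n", check_server(NULL, 1));
	printf("match:       X evaluated %d time(s)\n", check_server(&s, 0x0a000001u));
	printf("mismatch:    X evaluated %d time(s)\n", check_server(&s, 2));
	printf("assertion failures: %d\n", assert_failures);
	return 0;
}
```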