[PATCH mtd-utils] ffsX-utils: Fix integer overflow in jffs2dump.c
Zhihao Cheng
chengzhihao1 at huawei.com
Sun Dec 15 17:21:05 PST 2024
在 2024/12/14 21:34, Anton Moryakov 写道:
> Report of the static analyzer:
> Pointer 'path', returned from function 'xstrdup' at jffs2reader.c:690, may be NULL and is dereferenced at jffs2reader.c:692.
>
> Corrections explained:
> After calling xstrdup(p), a path == NULL check has been added. This prevents a possible NULL pointer dereference in the event of a memory allocation error.
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> ---
> jffsX-utils/jffs2reader.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/jffsX-utils/jffs2reader.c b/jffsX-utils/jffs2reader.c
> index 87a2167..f776466 100644
> --- a/jffsX-utils/jffs2reader.c
> +++ b/jffsX-utils/jffs2reader.c
> @@ -694,6 +694,11 @@ static struct jffs2_raw_dirent *resolvepath0(char *o, size_t size, uint32_t ino,
>
> pp = path = xstrdup(p);
>
> + if(path == NULL){
> + *inos = 0;
> + return NULL;
> + }
> +
Hi Anton, please do some manual analysis before sending these patches
scanned by static analyzer. According to the realization of 'xstrdup()',
the program will exit if a failure memory allcation occurs.
> if (*path == '/') {
> path++;
> ino = 1;
>
More information about the linux-mtd
mailing list