Multiple possible null-pointer dereferences
Warner Losh
imp at bsdimp.com
Fri Sep 16 00:38:38 UTC 2016
On Thu, Sep 15, 2016 at 12:36 PM, Daniil Berendeev
<pipfstarrd at openmailbox.org> wrote:
>
>> But, all the pasted examples looked like they were or were likely to be in
>> contrib code
> Yes, the pasted examples are from contrib/ code, but similar code exists
> in usr.sbin/, sys/, crypto/, lib/, libexec/, sbin/, just a few examples
> from sys:
>
> 1) sys/boot/ficl/ficl.c:274
> void ficlFreeVM(FICL_VM *pVM)
> {
> // Again, we at first dereference the pointer
> FICL_SYSTEM *pSys = pVM->pSys;
> FICL_VM *pList = pSys->vmList;
>
> // And then check if it is valid
> assert(pVM != 0);
> // ...
While technically a bug, this bug would never be triggered given how
the boot loader works.
It's super easy to fix, so we might as well, but to be clear it will
have zero effect on the actual runtime performance of the code given the
greater structure of the code.
Warner
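
The check-before-dereference ordering that the quoted report asks for, as an added example that is not part of the original message and is not the FICL source. The types and the `vm_unlink` and `demo` names are hypothetical stand-ins, and the list-unlink body is an assumption made only to give the checks something to protect.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the loader's types; not the FICL definitions. */
struct vm;
struct vm_system { struct vm *vm_list; };
struct vm { struct vm_system *sys; struct vm *link; };

/*
 * Unlink vm from its owning system's list.
 * Returns 0 on success, -1 if vm or its owner is NULL, -2 if vm is not
 * on the owner's list. Each pointer is validated before the first load
 * through it. A check placed after the load runs too late, and an
 * optimizing compiler may remove it because the earlier dereference
 * lets it assume the pointer is non-null.
 */
int vm_unlink(struct vm *vm)
{
    struct vm_system *sys;
    struct vm **pp;

    if (vm == NULL)              /* check first ... */
        return -1;
    sys = vm->sys;               /* ... dereference second */
    if (sys == NULL)
        return -1;

    for (pp = &sys->vm_list; *pp != NULL; pp = &(*pp)->link) {
        if (*pp == vm) {
            *pp = vm->link;      /* splice vm out of the list */
            vm->link = NULL;
            vm->sys = NULL;      /* a second unlink now fails cleanly */
            return 0;
        }
    }
    return -2;
}

/* Constructed sample: a two-element list exercised on each path. */
int demo(void)
{
    struct vm_system s = { NULL };
    struct vm a = { &s, NULL }, b = { &s, &a };

    s.vm_list = &b;
    if (vm_unlink(NULL) != -1) return 1;
    if (vm_unlink(&a) != 0 || s.vm_list != &b || b.link != NULL) return 2;
    if (vm_unlink(&a) != -1) return 3;   /* a.sys was cleared above */
    if (vm_unlink(&b) != 0 || s.vm_list != NULL) return 4;
    return 0;
}
```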