Date: Thu, 15 Sep 2016 17:38:36 -0700
From: Warner Losh <imp@bsdimp.com>
To: Daniil Berendeev <pipfstarrd@openmailbox.org>
Cc: Benjamin Kaduk <kaduk@mit.edu>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: Multiple possible null-pointer dereferences
Message-ID: <CANCZdfo4cwE4Yu7Pf4C3k7J-2s7A1NSPXEfA3ss0NCmd4j3bcQ@mail.gmail.com>
In-Reply-To: <7022fa33-8789-0ac1-fbc9-7c2780149b49@openmailbox.org>
References: <614a3aa7-a903-23f5-33b8-c367f22cd454@openmailbox.org> <alpine.GSO.1.10.1609151515460.5272@multics.mit.edu> <7022fa33-8789-0ac1-fbc9-7c2780149b49@openmailbox.org>

On Thu, Sep 15, 2016 at 12:36 PM, Daniil Berendeev
<pipfstarrd@openmailbox.org> wrote:
>
>> But, all the pasted examples looked like they were or were likely to be in
>> contrib code
> Yes, the pasted examples are from contrib/ code, but similar code exists
> in usr.sbin/, sys/, crypto/, lib/, libexec/, sbin/, just a few examples
> from sys:
>
> 1) sys/boot/ficl/ficl.c:274
> void ficlFreeVM(FICL_VM *pVM)
> {
>     // Again, we at first dereference the pointer
>     FICL_SYSTEM *pSys = pVM->pSys;
>     FICL_VM *pList = pSys->vmList;
>
>     // And then check if it is valid
>     assert(pVM != 0);
>     // ...

While technically a bug, this bug would never be triggered given how
the boot loader works. It's super easy to fix, so we might as well,
but to be clear it will have zero effect on the actual runtime performance
of the code given the greater structure of the code.

Warner
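
The check-before-dereference ordering for the quoted ficlFreeVM pattern, as an added example that is not part of the original message or the FreeBSD source. The demo_* types and functions are hypothetical stand-ins, and the function returns an error code rather than relying on assert(), which is compiled out when NDEBUG is defined.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for FICL_VM / FICL_SYSTEM: only the fields the
 * quoted lines touch, plus a list link (an assumption of this example). */
struct demo_sys;
struct demo_vm {
    struct demo_sys *sys;    /* owning system, like pVM->pSys */
    struct demo_vm  *link;   /* next VM in the list (assumed field) */
};
struct demo_sys {
    struct demo_vm *vm_list; /* list head, like pSys->vmList */
};

/* Unlink vm from its system's list and free it.
 * Returns 0 on success, -1 if vm or its system is NULL, or if vm is not
 * on the list. Each pointer is validated before its first dereference. */
int demo_free_vm(struct demo_vm *vm)
{
    struct demo_sys *sys;
    struct demo_vm **pp;

    if (vm == NULL)          /* check first ... */
        return -1;
    sys = vm->sys;           /* ... dereference second */
    if (sys == NULL)
        return -1;

    for (pp = &sys->vm_list; *pp != NULL; pp = &(*pp)->link) {
        if (*pp == vm) {
            *pp = vm->link;  /* splice vm out of the list */
            free(vm);
            return 0;
        }
    }
    return -1;               /* not on the list: leave vm untouched */
}

/* Constructed helper: allocate a VM and push it onto sys's list. */
struct demo_vm *demo_new_vm(struct demo_sys *sys)
{
    struct demo_vm *vm;

    if (sys == NULL || (vm = malloc(sizeof(*vm))) == NULL)
        return NULL;
    vm->sys = sys;
    vm->link = sys->vm_list;
    sys->vm_list = vm;
    return vm;
}
```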