From: Warner Losh
Date: Thu, 15 Sep 2016 17:38:36 -0700
Subject: Re: Multiple possible null-pointer dereferences
To: Daniil Berendeev
Cc: Benjamin Kaduk, "freebsd-hackers@freebsd.org"

On Thu, Sep 15, 2016 at 12:36 PM, Daniil Berendeev wrote:
>
>> But, all the pasted examples looked like they were or were likely to be in
>> contrib code
> Yes, the pasted examples are from contrib/ code, but similar code exists
> in usr.sbin/, sys/, crypto/, lib/, libexec/, sbin/, just a few examples
> from sys:
>
> 1) sys/boot/ficl/ficl.c:274
> void ficlFreeVM(FICL_VM *pVM)
> {
>     // Again, we at first dereference the pointer
>     FICL_SYSTEM *pSys = pVM->pSys;
>     FICL_VM *pList = pSys->vmList;
>
>     // And then check if it is valid
>     assert(pVM != 0);
>     // ...

While technically a bug, this bug would never be triggered given how the
boot loader works.
It's super easy to fix, so we might as well, but to be clear it will have
zero effect on the actual runtime performance of the code given the greater
structure of the code.

Warner
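
The ordering fix discussed in this thread, as an added example that is not code from FreeBSD or from either poster: the pointer is validated before any of its fields are read. `struct sys`, `struct vm`, `vm_new`, `vm_free_checked` and `vm_count` are hypothetical stand-ins for illustration, not the Ficl API.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the loader's types; only the fields used here. */
struct vm;
struct sys { struct vm *vm_list; };
struct vm  { struct sys *sys; struct vm *link; };

/* Allocate a VM and push it on the owning system's list. */
struct vm *vm_new(struct sys *s)
{
    struct vm *v;

    if (s == NULL || (v = calloc(1, sizeof(*v))) == NULL)
        return NULL;
    v->sys = s;
    v->link = s->vm_list;
    s->vm_list = v;
    return v;
}

/*
 * Unlink and free a VM. The argument is validated before any field is
 * read, so the check guards the dereference instead of following it.
 * Returns 0 on success, -1 for a NULL VM or one not on its system's list.
 */
int vm_free_checked(struct vm *v)
{
    struct vm **pp;

    if (v == NULL || v->sys == NULL)
        return -1;
    for (pp = &v->sys->vm_list; *pp != NULL; pp = &(*pp)->link) {
        if (*pp == v) {
            *pp = v->link;      /* splice out of the list */
            free(v);
            return 0;
        }
    }
    return -1;                  /* not on the list: leave it untouched */
}

/* Count the VMs on a system's list (used to confirm the unlink). */
int vm_count(const struct sys *s)
{
    int n = 0;
    const struct vm *v;

    for (v = s ? s->vm_list : NULL; v != NULL; v = v->link)
        n++;
    return n;
}
```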