Date: Thu, 02 Nov 2023 16:42:14 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 274874] A possible null-pointer dereference caused by a data race in sys/dev/firewire/fwdev.c
Message-ID: <bug-274874-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274874

            Bug ID: 274874
           Summary: A possible null-pointer dereference caused by a data race in sys/dev/firewire/fwdev.c
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: islituo@gmail.com

In the function fw_read(), ir->stproc is first checked to be not NULL:

    } else if (ir->stproc != NULL) {

and then is dereferenced after releasing the protecting lock:

    FW_GUNLOCK(fc);
    fp = (struct fw_pkt *)fwdma_v_addr(ir->buf, ir->stproc->poffset + ir->queued);

However, if ir->stproc is set to NULL by other functions such as fw_write()
right after the lock is released, a null-pointer dereference can occur:

    it->stproc = NULL;

-- 
You are receiving this mail because:
You are the assignee for the bug.
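
The check-then-use window described in the report, as an added user-space model in C; it is not FreeBSD code and not a patch from the reporter or the project. `struct chunk`, `struct xferq`, `race_window` and `run_scenario` are assumed names, a pthread mutex stands in for the lock that FW_GUNLOCK() releases, and the hook forces the writer to run inside the window so the outcome is deterministic.

```c
#include <pthread.h>
#include <stddef.h>

/* Simplified stand-ins for the driver's structures (assumed shapes). */
struct chunk { size_t poffset; };
struct xferq {
    pthread_mutex_t lock;   /* stands in for the lock FW_GUNLOCK() releases */
    struct chunk *stproc;
    size_t queued;
};

/* Hypothetical hook run right after the unlock: models another thread. */
static void (*race_window)(struct xferq *);

/* Writer side: the "stproc = NULL" store, done under the lock. */
static void clear_stproc(struct xferq *q) {
    pthread_mutex_lock(&q->lock);
    q->stproc = NULL;
    pthread_mutex_unlock(&q->lock);
}

/* Reported pattern: check under lock, use after unlock (-2 = nothing to read). */
static long offset_check_then_use(struct xferq *q) {
    pthread_mutex_lock(&q->lock);
    if (q->stproc == NULL) { pthread_mutex_unlock(&q->lock); return -2; }
    pthread_mutex_unlock(&q->lock);
    if (race_window) race_window(q);          /* writer runs here */
    if (q->stproc == NULL) return -1;         /* model only: the fault site */
    return (long)(q->stproc->poffset + q->queued);
}

/* Hardened form: read everything needed from stproc before unlocking. */
static long offset_snapshot(struct xferq *q) {
    pthread_mutex_lock(&q->lock);
    if (q->stproc == NULL) { pthread_mutex_unlock(&q->lock); return -2; }
    size_t off = q->stproc->poffset + q->queued;
    pthread_mutex_unlock(&q->lock);
    if (race_window) race_window(q);          /* same window, now harmless */
    return (long)off;
}

/* Constructed scenario: the writer always wins the race window. */
long run_scenario(int hardened) {
    struct chunk c = { .poffset = 32 };
    struct xferq q = { PTHREAD_MUTEX_INITIALIZER, &c, 16 };
    race_window = clear_stproc;
    return hardened ? offset_snapshot(&q) : offset_check_then_use(&q);
}

int main(void) { return run_scenario(1) == 48 ? 0 : 1; }
```

Copying the value out under the lock only removes the NULL dereference; whether the data that offset refers to is still valid after the unlock is a separate lifetime question the model does not cover.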