From owner-svn-src-all@freebsd.org Sun May 6 19:04:36 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 511FDFC30B4; Sun, 6 May 2018 19:04:36 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: from mail-io0-f173.google.com (mail-io0-f173.google.com [209.85.223.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CA7D37FABB; Sun, 6 May 2018 19:04:35 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: by mail-io0-f173.google.com with SMTP id d11-v6so31165329iof.11; Sun, 06 May 2018 12:04:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :from:date:message-id:subject:to:cc; bh=wN8jPPvBLTJhK/VPKXL2yhavfBb6rvKhx4w5mO33LrE=; b=Eka3Bv5h9f5KJLya6XGXnq17VJlG2Snos5twbw0qkGwgKlqW2iae6CkZcjgUoerQDD oxXSjYAsTZrQJps2Wj0h6FTZZ2JTlMURQpePh1zvRQxrnuVnJH9t/BRCvNUr2papeXuI f93mB1JqOdm8ka65FESJZzXYo4YjnvFCzF7rZvu96xtJrH4Mx/qUCXthByIZdt28h/nn W5X7giPKihvUfDaSutLOajpddxesiiQjwBSt4PXtTtBGOmNdDswXmH9mdoCgfIfOFMgS 1ZNNfu6UtIQ6HjHhj22bJPt6ZYjWRsnsX73Dl4oa0/DT7Gnh5YdsM81O+TTCmXYT1M1D DQZw== X-Gm-Message-State: ALQs6tCgVZu+PDUdzuoQEVsgQYULw/aKd6o5e27ba6OpI0u+eQhSCWNH RwNMLEnhSslMva3d1DGS68IrNfu4 X-Google-Smtp-Source: AB8JxZqHvjjv2Px1nmESIa/PEHPT9oRHyVLThNE+QYvNmZZ2RL6i/jUSN7qv/TXgEycTamEI7leFiQ== X-Received: by 2002:a6b:752:: with SMTP id 79-v6mr37997795ioh.216.1525626570712; Sun, 06 May 2018 10:09:30 -0700 (PDT) Received: from mail-it0-f44.google.com (mail-it0-f44.google.com. [209.85.214.44]) by smtp.gmail.com with ESMTPSA id s69-v6sm1711257ita.23.2018.05.06.10.09.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 06 May 2018 10:09:30 -0700 (PDT) Received: by mail-it0-f44.google.com with SMTP id 70-v6so8844080ity.2; Sun, 06 May 2018 10:09:30 -0700 (PDT) X-Received: by 2002:a24:1f4a:: with SMTP id d71-v6mr16840359itd.53.1525626570070; Sun, 06 May 2018 10:09:30 -0700 (PDT) MIME-Version: 1.0 Reply-To: cem@freebsd.org Received: by 2002:a02:a40b:0:0:0:0:0 with HTTP; Sun, 6 May 2018 10:09:29 -0700 (PDT) In-Reply-To: <201805061419.w46EJpj3094778@repo.freebsd.org> References: <201805061419.w46EJpj3094778@repo.freebsd.org> From: Conrad Meyer Date: Sun, 6 May 2018 10:09:29 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r333304 - head/sys/netinet To: Michael Tuexen Cc: src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 May 2018 19:04:36 -0000 FYI, Coverity can detect this kind of issue scanning the kernel (not just usrsctp). It was detected as CID 1385266 on FreeBSD's Coverity Scan. Best, Conrad On Sun, May 6, 2018 at 7:19 AM, Michael Tuexen wrote: > Author: tuexen > Date: Sun May 6 14:19:50 2018 > New Revision: 333304 > URL: https://svnweb.freebsd.org/changeset/base/333304 > > Log: > Ensure we are not dereferencing a NULL pointer. > > This was found by Coverity scanning the usrsctp stack (CID 203808). > > MFC after: 3 days > > Modified: > head/sys/netinet/sctp_indata.c > > Modified: head/sys/netinet/sctp_indata.c > ============================================================================== > --- head/sys/netinet/sctp_indata.c Sun May 6 13:59:56 2018 (r333303) > +++ head/sys/netinet/sctp_indata.c Sun May 6 14:19:50 2018 (r333304) > @@ -3621,7 +3621,9 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, stru > SCTP_SO_NOT_LOCKED); > } > /* Make sure to flag we had a FR */ > - tp1->whoTo->net_ack++; > + if (tp1->whoTo != NULL) { > + tp1->whoTo->net_ack++; > + } > continue; > } > } >