virtio_net: fix the potential NULL pointer in xmit_skb()

Message ID	1392350408-3811-1-git-send-email-wuzhy@linux.vnet.ibm.com
State	Rejected, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Gateway: Authorized Use Only! Violators will be prosecuted for <netdev@vger.kernel.org> from <wuzhy@linux.vnet.ibm.com>; Thu, 13 Feb 2014 21:00:34 -0700 Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 13 Feb 2014 21:00:31 -0700 From: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> To: netdev@vger.kernel.org Cc: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> Subject: [PATCH] virtio_net: fix the potential NULL pointer in xmit_skb() Date: Fri, 14 Feb 2014 12:00:08 +0800 Message-Id: <1392350408-3811-1-git-send-email-wuzhy@linux.vnet.ibm.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1392350408-3811-1-git-send-email-wuzhy@linux.vnet.ibm.com

State

Rejected, archived

Delegated to:

David Miller

Headers

From: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
To: netdev@vger.kernel.org
Cc: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Subject: [PATCH] virtio_net: fix the potential NULL pointer in xmit_skb()
Date: Fri, 14 Feb 2014 12:00:08 +0800
Message-Id: <1392350408-3811-1-git-send-email-wuzhy@linux.vnet.ibm.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

The pointer hdr isn't assigned before hdr->mhdr and hdr->hdr are used, so it could be one invalid pointer. Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> --- drivers/net/virtio_net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

David Miller Feb. 14, 2014, 5:12 a.m. UTC | #1

From: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Date: Fri, 14 Feb 2014 12:00:08 +0800

> The pointer hdr isn't assigned before hdr->mhdr and hdr->hdr
> are used, so it could be one invalid pointer.
> 
> Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>

sizeof(x) does not evaluate any dereferences made by 'x'
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Zhiyong Wu Feb. 14, 2014, 5:25 a.m. UTC | #2

On Fri, Feb 14, 2014 at 1:12 PM, David Miller <davem@davemloft.net> wrote:
> From: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
> Date: Fri, 14 Feb 2014 12:00:08 +0800
>
>> The pointer hdr isn't assigned before hdr->mhdr and hdr->hdr
>> are used, so it could be one invalid pointer.
>>
>> Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
>
> sizeof(x) does not evaluate any dereferences made by 'x'
thanks for your explanation.
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index d75f8ed..bf6397f 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -807,9 +807,9 @@  static int xmit_skb(struct send_queue *sq, struct sk_buff *skb)
 
 	pr_debug("%s: xmit %p %pM\n", vi->dev->name, skb, dest);
 	if (vi->mergeable_rx_bufs)
-		hdr_len = sizeof hdr->mhdr;
+		hdr_len = sizeof(struct virtio_net_hdr_mrg_rxbuf);
 	else
-		hdr_len = sizeof hdr->hdr;
+		hdr_len = sizeof(struct virtio_net_hdr);
 
 	can_push = vi->any_header_sg &&
 		!((unsigned long)skb->data & (__alignof__(*hdr) - 1)) &&

virtio_net: fix the potential NULL pointer in xmit_skb()

Commit Message

Comments

Patch