Fix possible NULL pointer dereference in nvlist_lookup_nvpair_ei_sep()
commit 27ff18cd43aae787fc74780044d0e2189d6e3d33
author Richard Yao <richard.yao@alumni.stonybrook.edu>
Sat, 11 Mar 2023 18:21:04 +0000 (11 13:21 -0500)
committer Brian Behlendorf <behlendorf1@llnl.gov>
Tue, 14 Mar 2023 22:25:35 +0000 (14 15:25 -0700)
tree f65006b0c333024b51504a970241e5f136e9704a
parent 47b994049fd105f54a887e19ec0669e9084b7cf2
Fix possible NULL pointer dereference in nvlist_lookup_nvpair_ei_sep()

Clang's static analyzer complains about a possible NULL pointer
dereference in nvlist_lookup_nvpair_ei_sep() because it unconditionally
dereferences a pointer initialized by `nvpair_value_nvlist_array()`
under the assumption that `nvpair_value_nvlist_array()` will always
initialize the pointer without checking to see if an error was returned
to indicate otherwise. This itself is improper error handling, so we fix
it. However, fixing it to properly respond to errors is not enough to
avoid a NULL pointer dereference, since we can receive NULL when the
array is empty, so we also add a NULL check.

Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14612
module/nvpair/nvpair.c
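
The two checks the commit message describes (the getter's return code, then a NULL array on success), shown as an added example that is not the OpenZFS code or the patch itself. `pair_t`, `pair_value_array()`, `lookup_elem()` and `demo()` are constructed stand-ins for the nvpair types and getter, and the `ENOENT` return values are this example's own choice.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed stand-ins for illustration; not the libnvpair types. */
typedef struct item { int id; } item_t;
typedef struct pair {
    int is_array;       /* 0: wrong type for an array lookup */
    item_t **elems;     /* NULL when the array is empty */
    unsigned nelem;
} pair_t;

/* Hypothetical getter: on error it returns nonzero and leaves *out unset;
 * on success it can still hand back NULL when the array has no elements. */
static int pair_value_array(const pair_t *p, item_t ***out, unsigned *n)
{
    if (p == NULL || !p->is_array)
        return EINVAL;
    *out = p->elems;
    *n = p->nelem;
    return 0;
}

/* Hardened lookup: check the return code, then the pointer, then the index. */
int lookup_elem(const pair_t *p, unsigned idx, item_t **res)
{
    item_t **arr = NULL;
    unsigned n = 0;
    int err = pair_value_array(p, &arr, &n);

    if (err != 0)
        return err;         /* getter failed: arr was never initialized */
    if (arr == NULL)
        return ENOENT;      /* getter succeeded, but the array is empty */
    if (idx >= n)
        return ENOENT;      /* index past the last element */
    *res = arr[idx];
    return 0;
}

/* Constructed cases: which = 0 wrong type, 1 empty array, 2 one element. */
int demo(int which, unsigned idx)
{
    static item_t it = { 42 };
    static item_t *one[] = { &it };
    pair_t cases[] = { { 0, NULL, 0 }, { 1, NULL, 0 }, { 1, one, 1 } };
    item_t *res = NULL;
    int err = lookup_elem(&cases[which], idx, &res);
    return err ? -err : res->id;
}
```

Dropping either of the first two checks in `lookup_elem()` reintroduces the defect class the analyzer flagged: the first leaves `arr` unset on error, the second dereferences NULL for an empty array.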