| Message ID | 20230615125045.125172-1-cymi20@fudan.edu.cn (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | tools/io_uring: Fix missing check for return value of malloc() | expand |
On 6/15/23 7:50 PM, Chenyuan Mi wrote: > The malloc() function may return NULL when it fails, > which may cause null pointer deference in kmalloc(), It's a userspace app, there is no kmalloc(). Also, I don't think it's worth to fix a missing ENOMEM handling for that old test program. But anyway, let's wait for maintainers' comment on this.
On 6/15/23 7:00?AM, Ammar Faizi wrote: > On 6/15/23 7:50 PM, Chenyuan Mi wrote: >> The malloc() function may return NULL when it fails, >> which may cause null pointer deference in kmalloc(), > > It's a userspace app, there is no kmalloc(). Also, I don't think it's > worth to fix a missing ENOMEM handling for that old test program. But > anyway, let's wait for maintainers' comment on this. Definitely not worth it, and I find it odd how the author would target just one of multiple allocations in that file. I'm guessing it's because this checker only checks for malloc(), and no thought has otherwise gone into a) if the patch makes any sense at all, and b) if it does make sense, are there potentially other cases to consider?
On 6/15/23 7:26?AM, cymi20 wrote: > Actually this checker is driven by inconsistency, it find almost all > callsite of malloc() in this module has Null check, except this > callsite. 1) don't top post 2) don't send html emails But more importantly, actually check the code before making wrong statements like that. The patch is pointless.
diff --git a/tools/io_uring/io_uring-bench.c b/tools/io_uring/io_uring-bench.c index 7703f0118385..a7fedfdb9b84 100644 --- a/tools/io_uring/io_uring-bench.c +++ b/tools/io_uring/io_uring-bench.c @@ -560,6 +560,11 @@ int main(int argc, char *argv[]) pthread_create(&s->thread, NULL, submitter_fn, s); fdepths = malloc(8 * s->nr_files); + if (!fdepths) { + printf("malloc failed"); + return 1; + } + reap = calls = done = 0; do { unsigned long this_done = 0;
The malloc() function may return NULL when it fails, which may cause null pointer deference in kmalloc(), add Null check for return value of malloc(). Found by our static analysis tool. Signed-off-by: Chenyuan Mi <cymi20@fudan.edu.cn> --- tools/io_uring/io_uring-bench.c | 5 +++++ 1 file changed, 5 insertions(+)