[PATCHv11 17/43] net: sandbox: fix NULL pointer dereferences

Simon Glass sjg at chromium.org
Sat Dec 2 19:33:14 CET 2023


Hi Maxim,

On Mon, 27 Nov 2023 at 11:20, Tom Rini <trini at konsulko.com> wrote:
>
> On Mon, Nov 27, 2023 at 06:57:00PM +0600, Maxim Uvarov wrote:
> > Add additional checks for NULL pointers.
> >
> > Signed-off-by: Maxim Uvarov <maxim.uvarov at linaro.org>
> > ---
> >  drivers/net/sandbox.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/drivers/net/sandbox.c b/drivers/net/sandbox.c
> > index 13022addb6..75d32db3a9 100644
> > --- a/drivers/net/sandbox.c
> > +++ b/drivers/net/sandbox.c
> > @@ -65,6 +65,9 @@ int sandbox_eth_arp_req_to_reply(struct udevice *dev, void *packet,
> >       struct ethernet_hdr *eth_recv;
> >       struct arp_hdr *arp_recv;
> >
> > +     if (!priv)
> > +             return -EAGAIN;
> > +
> >       if (ntohs(eth->et_protlen) != PROT_ARP)
> >               return -EAGAIN;
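Review bot: The new `if (!priv)` check at the top of sandbox_eth_arp_req_to_reply() returns -EAGAIN, the same value the existing `PROT_ARP` test just below it returns for a frame that is simply not ARP. A caller therefore cannot tell missing private data apart from "packet not handled", and the condition is silently swallowed. The commit message ("Add additional checks for NULL pointers") does not say under which conditions priv can be NULL here; please state that, and consider a distinct error code for this case so that the failure is visible rather than treated as a skipped packet.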
>
> This part seems fine.
>
> > @@ -82,6 +85,8 @@ int sandbox_eth_arp_req_to_reply(struct udevice *dev, void *packet,
> >
> >       /* Formulate a fake response */
> >       eth_recv = (void *)priv->recv_packet_buffer[priv->recv_packets];
> > +     if (!eth_recv)
> > +             return -EAGAIN;
> >       memcpy(eth_recv->et_dest, eth->et_src, ARP_HLEN);
> >       memcpy(eth_recv->et_src, priv->fake_host_hwaddr, ARP_HLEN);
> >       eth_recv->et_protlen = htons(PROT_ARP);
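Review bot: The added `if (!eth_recv)` test only catches an empty slot; the index `priv->recv_packets` used on the line above it to select that slot is not checked anywhere in this hunk, so an out-of-range count would still be read before the NULL test and then written through by the `memcpy()` calls that follow. If the buffers can legitimately be unallocated at this point, the commit message should explain how that state is reached, and the index deserves a bounds check alongside the pointer check. Style point: the first hunk leaves a blank line after its early return, this one runs straight into `memcpy(eth_recv->et_dest, ...)`; a blank line after `return -EAGAIN;` would keep the two consistent.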
>
> How do we get to this dereference, and is that not a bug in the caller?

I wonder if somehow the device has not been probed yet?

Regards,
Simon

