[PATHv11 17/43] net: sandbox: fix NULL pointer derefences
Simon Glass
sjg at chromium.org
Sat Dec 2 19:33:14 CET 2023
Hi Maxim,
On Mon, 27 Nov 2023 at 11:20, Tom Rini <trini at konsulko.com> wrote:
>
> On Mon, Nov 27, 2023 at 06:57:00PM +0600, Maxim Uvarov wrote:
> > Add additional checks for NULL pointers.
> >
> > Signed-off-by: Maxim Uvarov <maxim.uvarov at linaro.org>
> > ---
> > drivers/net/sandbox.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/drivers/net/sandbox.c b/drivers/net/sandbox.c
> > index 13022addb6..75d32db3a9 100644
> > --- a/drivers/net/sandbox.c
> > +++ b/drivers/net/sandbox.c
> > @@ -65,6 +65,9 @@ int sandbox_eth_arp_req_to_reply(struct udevice *dev, void *packet,
> > struct ethernet_hdr *eth_recv;
> > struct arp_hdr *arp_recv;
> >
> > + if (!priv)
> > + return -EAGAIN;
> > +
> > if (ntohs(eth->et_protlen) != PROT_ARP)
> > return -EAGAIN;
>
> This part seems fine.
>
> > @@ -82,6 +85,8 @@ int sandbox_eth_arp_req_to_reply(struct udevice *dev, void *packet,
> >
> > /* Formulate a fake response */
> > eth_recv = (void *)priv->recv_packet_buffer[priv->recv_packets];
> > + if (!eth_recv)
> > + return -EAGAIN;
> > memcpy(eth_recv->et_dest, eth->et_src, ARP_HLEN);
> > memcpy(eth_recv->et_src, priv->fake_host_hwaddr, ARP_HLEN);
> > eth_recv->et_protlen = htons(PROT_ARP);
>
> How do we get to this dereference, and is that not a bug in the caller?
I wonder if somehow the device has not been probed yet?
Regards,
Simon
More information about the U-Boot
mailing list