[PATCH] scripts: kconfig: Fix potential NULL pointer dereference in
Tom Rini
trini at konsulko.com
Wed Feb 12 16:24:47 CET 2025
On Tue, Feb 11, 2025 at 07:05:09PM +0300, Anton Moryakov wrote:
> The function `prop_get_symbol` may return NULL, which was not checked
> before dereferencing the pointer in `menu_finalize`. This could lead
> to undefined behavior or crashes.
>
> This commit adds a NULL check before accessing `es->rev_dep.expr` and
> `es->implied.expr`. If `es` is NULL, a warning is logged, and the
> operation is skipped.
>
> Triggers found by static analyzer Svace.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> ---
> scripts/kconfig/menu.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
> index 0fe7f3255a..3fb3ab4637 100644
> --- a/scripts/kconfig/menu.c
> +++ b/scripts/kconfig/menu.c
> @@ -400,12 +400,18 @@ void menu_finalize(struct menu *parent)
> */
> if (prop->type == P_SELECT) {
> struct symbol *es = prop_get_symbol(prop);
> - es->rev_dep.expr = expr_alloc_or(es->rev_dep.expr,
> - expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
> + if (es) {
> + es->rev_dep.expr = expr_alloc_or(es->rev_dep.expr,
> + expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
> + } else
> + menu_warn(menu, "select property has no symbol");
> } else if (prop->type == P_IMPLY) {
> struct symbol *es = prop_get_symbol(prop);
> - es->implied.expr = expr_alloc_or(es->implied.expr,
> - expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
> + if (es) {
> + es->implied.expr = expr_alloc_or(es->implied.expr,
> + expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
> + } else
> + menu_warn(menu, "imply property has no symbol");
> }
> }
> }
Please submit this to the upstream kernel for review, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250212/0c73fb1e/attachment.sig>
More information about the U-Boot
mailing list