Bug 203499

Summary: KASSERT for non-NULL in g_uzip.c after value is dereferenced
Product: Base System Reporter: chadf
Component: kernAssignee: Andriy Voskoboinyk <avos>
Status: Closed FIXED    
Severity: Affects Some People CC: avos, cem
Priority: --- Keywords: patch
Version: CURRENTFlags: avos: mfc-stable12+
avos: mfc-stable11+
avos: mfc-stable10+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch to correct error none

Description chadf 2015-10-02 03:20:33 UTC 
Created attachment 161639 [details]
Patch to correct error

g_uzip_destroy_geom() in g_uzip.c deferences the variable 'gp' before the KASSERT(gp != NULL) is called. The assertion should be moved up.

        if (gp->softc == NULL) {
                DPRINTF(("%s(%s): gp->softc == NULL\n", __func__, gp->name));
                return (ENXIO);
        }

        KASSERT(gp != NULL, ("NULL geom"));

-->>

        KASSERT(gp != NULL, ("NULL geom"));
        if (gp->softc == NULL) {
                DPRINTF(("%s(%s): gp->softc == NULL\n", __func__, gp->name));
                return (ENXIO);
        }

Patch included.
Comment 1 commit-hook freebsd_committer freebsd_triage 2019-01-26 14:54:31 UTC 
A commit references this bug:

Author: avos
Date: Sat Jan 26 14:54:07 UTC 2019
New revision: 343473
URL: https://svnweb.freebsd.org/changeset/base/343473

Log:
  geom_uzip(4): move NULL pointer KASSERT check before it is dereferenced

  PR:		203499
  Submitted by:	<chadf@triularity.org>
  MFC after:	5 days

Changes:
  head/sys/geom/uzip/g_uzip.c
Comment 2 Conrad Meyer freebsd_committer freebsd_triage 2019-01-26 16:46:40 UTC 
@avos, See also:

@@ -889,13 +889,13 @@ g_uzip_destroy_geom(struct gctl_req *req, struct g_cla
 	g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, gp->name);
                                                                ^^^^^^^^
 	g_topology_assert();
 
+	KASSERT(gp != NULL, ("NULL geom"));
 	if (gp->softc == NULL) {
Comment 3 commit-hook freebsd_committer freebsd_triage 2019-01-26 17:18:24 UTC 
A commit references this bug:

Author: avos
Date: Sat Jan 26 17:17:25 UTC 2019
New revision: 343475
URL: https://svnweb.freebsd.org/changeset/base/343475

Log:
  geom_uzip(4): set 'gp != NULL' assertion on top of the function

  There was yet another access to this variable in g_trace() few
  lines upper.

  PR:		203499
  Reported by:	cem
  MFC after:	5 days
  MFC with:	343473

Changes:
  head/sys/geom/uzip/g_uzip.c
Comment 4 commit-hook freebsd_committer freebsd_triage 2019-01-31 11:37:09 UTC 
A commit references this bug:

Author: avos
Date: Thu Jan 31 11:36:29 UTC 2019
New revision: 343605
URL: https://svnweb.freebsd.org/changeset/base/343605

Log:
  MFC r343473:
  geom_uzip(4): move NULL pointer KASSERT check before it is dereferenced

  PR:		203499
  Submitted by:	<chadf@triularity.org>

  MFC r343475:
  geom_uzip(4): set 'gp != NULL' assertion on top of the function

  There was yet another access to this variable in g_trace() few
  lines upper.

  PR:		203499
  Reported by:	cem

Changes:
_U  stable/10/
  stable/10/sys/geom/uzip/g_uzip.c
_U  stable/11/
  stable/11/sys/geom/uzip/g_uzip.c
_U  stable/12/
  stable/12/sys/geom/uzip/g_uzip.c
Comment 5 commit-hook freebsd_committer freebsd_triage 2019-01-31 11:37:12 UTC 
A commit references this bug:

Author: avos
Date: Thu Jan 31 11:36:29 UTC 2019
New revision: 343605
URL: https://svnweb.freebsd.org/changeset/base/343605

Log:
  MFC r343473:
  geom_uzip(4): move NULL pointer KASSERT check before it is dereferenced

  PR:		203499
  Submitted by:	<chadf@triularity.org>

  MFC r343475:
  geom_uzip(4): set 'gp != NULL' assertion on top of the function

  There was yet another access to this variable in g_trace() few
  lines upper.

  PR:		203499
  Reported by:	cem

Changes:
_U  stable/10/
  stable/10/sys/geom/uzip/g_uzip.c
_U  stable/11/
  stable/11/sys/geom/uzip/g_uzip.c
_U  stable/12/
  stable/12/sys/geom/uzip/g_uzip.c