| Summary: | Fix a possible Null pointer dereference about svc_xprt_alloc() | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Zhou Qingyang <zhou1615> |
| Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed Not A Bug | | |
| Severity: | Affects Many People | CC: | kib |
| Priority: | --- | | |
| Version: | Unspecified | | |
| Hardware: | Any | | |
| OS: | Any | | |
| Attachments: | | | |

Why does the result of svc_xprt_alloc() need to be checked? How could it return NULL? The function uses mem_alloc() for two allocations, and mem_alloc() is malloc(M_WAITOK), which always succeeds.

Created attachment 231294
A simple fix for this bug

In the sys/rpc/svc_vc.c file, the return value of svc_xprt_alloc() is not checked before the dereference in the svc_vc_create_conn(), svc_vc_create_backchannel() and svc_vc_create() functions. svc_xprt_alloc() could return NULL on failure of allocation, which could lead to a NULL pointer dereference.

Fix this bug by adding checks of svc_xprt_alloc() in all three functions.

This bug was found by a static analyzer, please advise.