Fix possible NULL pointer dereference in nvlist_lookup_nvpair_ei_sep()

Description

Fix possible NULL pointer dereference in nvlist_lookup_nvpair_ei_sep()

Clang's static analyzer complains about a possible NULL pointer
dereference in nvlist_lookup_nvpair_ei_sep() because it unconditionally
dereferences a pointer initialized by nvpair_value_nvlist_array()
under the assumption that nvpair_value_nvlist_array() will always
initialize the pointer without checking to see if an error was returned
to indicate otherwise. This itself is improper error handling, so we fix
it. However, fixing it to properly respond to errors is not enough to
avoid a NULL pointer dereference, since we can receive NULL when the
array is empty, so we also add a NULL check.

Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14612
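The two failure modes named in the commit message (an ignored error return, and a NULL array on success when the array is empty) can be reproduced in a reduced model. This is an added example, not code from the commit or from OpenZFS: `pair_t`, `item_t`, `pair_value_array()` and `lookup_elem()` are hypothetical stand-ins, and the choice of `EINVAL`/`ENOENT` as return codes is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the nvpair types; not the OpenZFS definitions. */
typedef struct item { int id; } item_t;
typedef struct pair { int is_array; item_t **elems; unsigned n; } pair_t;

/* Models the getter contract described in the commit message: on error the
 * out-parameters are left untouched, and on success an empty array may be
 * reported as NULL with a count of zero. */
static int pair_value_array(const pair_t *p, item_t ***out, unsigned *n)
{
    if (p == NULL || !p->is_array)
        return EINVAL;              /* *out and *n are NOT written */
    *out = p->n ? p->elems : NULL;  /* empty array -> NULL on success */
    *n = p->n;
    return 0;
}

/* Hardened lookup of element idx.
 * The pattern being fixed looked like:
 *     (void) pair_value_array(p, &arr, &n);   // error ignored
 *     *res = arr[idx];                        // arr may be garbage or NULL
 */
static int lookup_elem(const pair_t *p, unsigned idx, item_t **res)
{
    item_t **arr = NULL;
    unsigned n = 0;
    int err = pair_value_array(p, &arr, &n);

    if (err != 0)                   /* check 1: propagate the getter's error */
        return err;
    if (arr == NULL || idx >= n)    /* check 2: empty array / out of range */
        return ENOENT;
    *res = arr[idx];
    return 0;
}

int main(void)
{
    pair_t empty = { 1, NULL, 0 };  /* constructed sample input */
    item_t *r = NULL;
    printf("empty array lookup -> %d\n", lookup_elem(&empty, 0, &r));
    return 0;
}
```

Checking the return code alone would still let the empty-array case through, because that case succeeds; the explicit NULL test covers it.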

Details

Provenance
Richard Yao <richard.yao@alumni.stonybrook.edu> Authored on Mar 11 2023, 6:21 PM
Brian Behlendorf <behlendorf1@llnl.gov> Committed on Mar 14 2023, 10:25 PM
Parents
rG47b994049fd1: Silence clang static analyzer warnings about stored stack addresses

Event Timeline

Brian Behlendorf <behlendorf1@llnl.gov> committed rG27ff18cd43aa: Fix possible NULL pointer dereference in nvlist_lookup_nvpair_ei_sep() (authored by Richard Yao <richard.yao@alumni.stonybrook.edu>). Mar 14 2023, 10:25 PM