Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Coverity CID :208191] Dereference after null check in subsys/canbus/isotp/isotp.c #22657

Closed
zephyrbot opened this issue Feb 9, 2020 · 0 comments · Fixed by #22661
Closed

[Coverity CID :208191] Dereference after null check in subsys/canbus/isotp/isotp.c #22657

zephyrbot opened this issue Feb 9, 2020 · 0 comments · Fixed by #22661
Assignees
@alexanderwachter
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug

Comments

@zephyrbot
Copy link
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/e089906b339aad4cd1b6589a3b6ce94782d93f54/subsys/canbus/isotp/isotp.c#L437

Category: Null pointer dereferences
Function: receive_add_mem
Component: Other
CID: 208191

Details:

431         ctx->act_frag = ctx->act_frag->frags;
432         if (!ctx->act_frag) {
433             LOG_ERR("No fragmet left to append data");
434             receive_report_error(ctx, ISOTP_N_BUFFER_OVERFLW);
435         }
436    
>>>     CID 208191:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "&(*ctx->act_frag).b" to "net_buf_simple_add_mem", which dereferences it.
437         net_buf_add_mem(ctx->act_frag, data + tailroom, len - tailroom);
438     }
439    
440     static void process_cf(struct isotp_recv_ctx *ctx, struct zcan_frame *frame)
441     {
442         u32_t *ud_rem_len = (u32_t *)net_buf_user_data(ctx->buf);

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug labels Feb 9, 2020
@alexanderwachter alexanderwachter mentioned this issue Feb 9, 2020
Merged
alexanderwachter added a commit to alexanderwachter/zephyr that referenced this issue Feb 10, 2020
@alexanderwachter
canbus: isotp: Fix NULL deref after overflow
1c4d003 
The implementation checks if there are not enough buffers
to add the received data. However, a return was missing
after the error signaling.

Fixes zephyrproject-rtos#22657
Coverity-CID: 208191

Signed-off-by: Alexander Wachter <[email protected]>
jukkar pushed a commit that referenced this issue Feb 10, 2020
@alexanderwachter @jukkar
canbus: isotp: Fix NULL deref after overflow
c9d76ee 
The implementation checks if there are not enough buffers
to add the received data. However, a return was missing
after the error signaling.

Fixes #22657
Coverity-CID: 208191

Signed-off-by: Alexander Wachter <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexanderwachter alexanderwachter

Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug
Projects
None yet
Milestone
No milestone
2 participants
@alexanderwachter @zephyrbot