fix coredump when sched_rr_get_interval parameter ts is NULL

Submitted by zhuyan (M) on May 8, 2020, 2:46 p.m.

Details

Message ID 2f7471a2f0ac45f6bfc48191e16b25ec@huawei.com
State New
Series "fix coredump when sched_rr_get_interval parameter ts is NULL"

Commit Message

zhuyan (M) May 8, 2020, 2:46 p.m.
In function sched_rr_get_interval, there is a risk of null pointer reference. On line 12, when ts is NULL, dereferencing the null pointer will cause the program coredump.

Therefore, it must ensure that ts is not empty before use.

Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
---
 src/sched/sched_rr_get_interval.c | 2 ++
 1 file changed, 2 insertions(+)

--
2.24.0

Patch

diff --git a/src/sched/sched_rr_get_interval.c b/src/sched/sched_rr_get_interval.c
index 33a3d1a..3577291 100644
--- a/src/sched/sched_rr_get_interval.c
+++ b/src/sched/sched_rr_get_interval.c
@@ -9,6 +9,8 @@  int sched_rr_get_interval(pid_t pid, struct timespec *ts)
 		long ts32[2];
 		int r = __syscall(SYS_sched_rr_get_interval, pid, ts32);
 		if (!r) {
+			if (ts == NULL)
+				return -1;
 			ts->tv_sec = ts32[0];
 			ts->tv_nsec = ts32[1];
 		}
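Review bot: the new `if (ts == NULL) return -1;` sits after `__syscall(SYS_sched_rr_get_interval, pid, ts32)` has already run, so an invalid argument still costs a syscall, and the bare `return -1` leaves errno untouched, so a caller following the usual -1/errno convention reads a stale value. If the check is kept at all, it belongs at the top of the function before the syscall, and it should set errno (for example `errno = EINVAL; return -1;`). Note also that the function is not documented to accept a null pointer, so the check papers over an application bug rather than fixing a library one; the replies below raise the same objection.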

Comments

Markus Wichmann May 8, 2020, 3:47 p.m.
On Fri, May 08, 2020 at 02:46:56PM +0000, zhuyan (M) wrote:
> In function sched_rr_get_interval, there is a risk of null pointer reference. On line 12, when ts is NULL, dereferencing the null pointer will cause the program coredump.
>
> Therefore, it must ensure that ts is not empty before use.
>

Is calling this function with a NULL pointer sensible? The manpage
certainly doesn't say so. Usually policy in musl is to not fix
application bugs, but to dereference pointers without NULL pointer check
unless there is an explicit requirement in the relevant standards that a
NULL pointer be accepted.

Ciao,
Markus
Rich Felker May 8, 2020, 6:45 p.m.
On Fri, May 08, 2020 at 05:47:37PM +0200, Markus Wichmann wrote:
> On Fri, May 08, 2020 at 02:46:56PM +0000, zhuyan (M) wrote:
> > In function sched_rr_get_interval, there is a risk of null pointer
> > reference. On line 12, when ts is NULL, dereferencing the null
> > pointer will cause the program coredump.
> >
> > Therefore, it must ensure that ts is not empty before use.
> >
> 
> Is calling this function with a NULL pointer sensible? The manpage
> certainly doesn't say so. Usually policy in musl is to not fix
> application bugs, but to dereference pointers without NULL pointer check
> unless there is an explicit requirement in the relevant standards that a
> NULL pointer be accepted.

Indeed, sched_rr_get_interval has no contract to accept a null
pointer, and doesn't even have a plausible reason to want to call it
with one (the only output is in the pointed-to memory).

Rich