search

intel / openlldp

Other
54 stars 42 forks source link

Avoiding null pointer dereference #72

Closed klebertarcisio closed 3 years ago

klebertarcisio commented 3 years ago

This pull request aims to fix null pointer dereference.

Null pointer dereference

apconole commented 3 years ago

How did you catch these? Was this by code audit? Some static analysis tool?

I would like to change some of these out. It would be nice to switch to xmalloc()/xstrdup() type calls, so that we simply know that we have valid memory whenever the functions return. Under linux, the only case where malloc(), etc. will return NULL is when we've requested more memory than the system can handle. Otherwise, the overcommit mechanism is always returning a valid pointer and only when it would get faulted in will overcommit protection kick in (which might invoke OOM killer). We still need these checks (so thanks for spotting them), but maybe there's a more comprehensive cleanup we can do here.

rajeshm-elisity commented 3 years ago

I caught this by code audit.

Thanks & Regards, Rajesh

From: Aaron Conole @.> Reply to: intel/openlldp @.> Date: Monday, 5 April 2021 at 6:11 PM To: intel/openlldp @.> Cc: Subscribed @.> Subject: Re: [intel/openlldp] Avoiding null pointer dereference (#72)

How did you catch these? Was this by code audit? Some static analysis tool?

I would like to change some of these out. It would be nice to switch to xmalloc()/xstrdup() type calls, so that we simply know that we have valid memory whenever the functions return. Under linux, the only case where malloc(), etc. will return NULL is when we've requested more memory than the system can handle. Otherwise, the overcommit mechanism is always returning a valid pointer and only when it would get faulted in will overcommit protection kick in (which might invoke OOM killer). We still need these checks (so thanks for spotting them), but maybe there's a more comprehensive cleanup we can do here.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/intel/openlldp/pull/72#issuecomment-813373238, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AOFWERDN7D34ZATM37PGVJDTHGVX5ANCNFSM42JRLBCQ.