1. Patchew
  2. linux
  3. View series

[PATCH] tools/lib/slab: Fix potential NULL pointer dereference in kmalloc()

Kuan-Wei Chiu posted 1 patch 1 year, 8 months ago 
tools/lib/slab.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] tools/lib/slab: Fix potential NULL pointer dereference in kmalloc()
Posted by Kuan-Wei Chiu 1 year, 8 months ago 
In kmalloc(), add a check to ensure that the pointer 'ret' is not NULL
before attempting to memset it when the __GFP_ZERO flag is set. This
prevents a potential NULL pointer dereference.

Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
---
 tools/lib/slab.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/lib/slab.c b/tools/lib/slab.c
index 959997fb0652..aeaf535b422a 100644
--- a/tools/lib/slab.c
+++ b/tools/lib/slab.c
@@ -22,7 +22,7 @@ void *kmalloc(size_t size, gfp_t gfp)
 	uatomic_inc(&kmalloc_nr_allocated);
 	if (kmalloc_verbose)
 		printf("Allocating %p from malloc\n", ret);
-	if (gfp & __GFP_ZERO)
+	if (gfp & __GFP_ZERO && ret)
 		memset(ret, 0, size);
 	return ret;
 }
-- 
2.34.1
Re: [PATCH] tools/lib/slab: Fix potential NULL pointer dereference in kmalloc()
Posted by Andrew Morton 1 year, 8 months ago 
On Sat, 25 May 2024 03:14:59 +0800 Kuan-Wei Chiu <visitorckw@gmail.com> wrote:

> In kmalloc(), add a check to ensure that the pointer 'ret' is not NULL
> before attempting to memset it when the __GFP_ZERO flag is set. This
> prevents a potential NULL pointer dereference.
> 
> ...
>
> --- a/tools/lib/slab.c
> +++ b/tools/lib/slab.c
> @@ -22,7 +22,7 @@ void *kmalloc(size_t size, gfp_t gfp)
>  	uatomic_inc(&kmalloc_nr_allocated);
>  	if (kmalloc_verbose)
>  		printf("Allocating %p from malloc\n", ret);
> -	if (gfp & __GFP_ZERO)
> +	if (gfp & __GFP_ZERO && ret)
>  		memset(ret, 0, size);
>  	return ret;
>  }

I suspect we have a lot of unchecked mallocs in our userspace code.  If
there's an argument for fixing them all(?) then it would be best to do
this in a wholesale fashion rather than patch-at-a-time piecemeal.
Re: [PATCH] tools/lib/slab: Fix potential NULL pointer dereference in kmalloc()
Posted by Kuan-Wei Chiu 1 year, 8 months ago 
On Fri, May 24, 2024 at 12:23:50PM -0700, Andrew Morton wrote:
> On Sat, 25 May 2024 03:14:59 +0800 Kuan-Wei Chiu <visitorckw@gmail.com> wrote:
> 
> > In kmalloc(), add a check to ensure that the pointer 'ret' is not NULL
> > before attempting to memset it when the __GFP_ZERO flag is set. This
> > prevents a potential NULL pointer dereference.
> > 
> > ...
> >
> > --- a/tools/lib/slab.c
> > +++ b/tools/lib/slab.c
> > @@ -22,7 +22,7 @@ void *kmalloc(size_t size, gfp_t gfp)
> >  	uatomic_inc(&kmalloc_nr_allocated);
> >  	if (kmalloc_verbose)
> >  		printf("Allocating %p from malloc\n", ret);
> > -	if (gfp & __GFP_ZERO)
> > +	if (gfp & __GFP_ZERO && ret)
> >  		memset(ret, 0, size);
> >  	return ret;
> >  }
> 
> I suspect we have a lot of unchecked mallocs in our userspace code.  If
> there's an argument for fixing them all(?) then it would be best to do
> this in a wholesale fashion rather than patch-at-a-time piecemeal.
>
It seems likely that I'm not the first to notice the unchecked mallocs
in our userspace code if they're indeed widespread. Are there specific
reasons or guidelines indicating when malloc checks are necessary, and
when they can be omitted?

Regards,
Kuan-Wei

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.