svn commit: r270999 - head/sys/kern
Konstantin Belousov
kostikbel at gmail.com
Wed Sep 3 08:47:14 UTC 2014
On Wed, Sep 03, 2014 at 08:14:07AM +0000, Gleb Smirnoff wrote:
> Author: glebius
> Date: Wed Sep 3 08:14:07 2014
> New Revision: 270999
> URL: http://svnweb.freebsd.org/changeset/base/270999
>
> Log:
> Fix dereference after NULL check.
>
> CID: 1234607
> Sponsored by: Nginx, Inc.
>
> Modified:
> head/sys/kern/kern_proc.c
>
> Modified: head/sys/kern/kern_proc.c
> ==============================================================================
> --- head/sys/kern/kern_proc.c Wed Sep 3 08:13:46 2014 (r270998)
> +++ head/sys/kern/kern_proc.c Wed Sep 3 08:14:07 2014 (r270999)
> @@ -921,10 +921,11 @@ fill_kinfo_proc_only(struct proc *p, str
> kp->ki_xstat = p->p_xstat;
> kp->ki_acflag = p->p_acflag;
> kp->ki_lock = p->p_lock;
> - if (p->p_pptr)
> + if (p->p_pptr) {
> kp->ki_ppid = proc_realparent(p)->p_pid;
> - if (p->p_flag & P_TRACED)
> - kp->ki_tracer = p->p_pptr->p_pid;
> + if (p->p_flag & P_TRACED)
> + kp->ki_tracer = p->p_pptr->p_pid;
> + }
> }
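
Review bot: in the new braced block, the `P_TRACED` assignment to `kp->ki_tracer` is now silently skipped whenever `p->p_pptr` is NULL, and nothing in the hunk says whether that combination can occur. If a traced process is always expected to have a parent, state that next to the check with a comment or a `KASSERT` on `p->p_pptr`, so a violated assumption is reported instead of leaving `ki_tracer` unset. A short comment on why `ki_ppid` goes through `proc_realparent(p)` while `ki_tracer` reads `p->p_pptr->p_pid` directly would also help the next reader.
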
If P_TRACED is set, p_pptr must be non-NULL. Or in reverse, only the kernel
process (pid 0) may have p_pptr as NULL, and it cannot be traced.

The previous code contained an assertion (triggered by paging hardware) that
p_pptr is not NULL if P_TRACED is set.

It is Coverity which cannot deduce the invariant. I do not expect any
analyzer to be able to make the implication, though.