diff mbox

nconfig: prevent segfault on empty menu

Message ID 4E1908BF.4010700@udo.edu (mailing list archive)
State New, archived
Headers show

Commit Message

Andrej Gelenberg July 10, 2011, 2:04 a.m. UTC 
Hello,

i found and fixed an NULL-dereference bug in nconf tool.

How to reproduce:
1. $ make nconfig
2. disable "Kernel hacking -> Debug Filesystem"
3. go to "General setup -> GCOV-based kernel profiling" and hit F2
it should segfault

Fix: i have added some checks for "struct menu*" to be NULL before it
get dereferenced

Regards,
Andrej Gelenberg
From 82be343a388a02477ffb0d464e1f2810c61a1fda Mon Sep 17 00:00:00 2001
From: Andrej Gelenberg <andrej.gelenberg@udo.edu>
Date: Sun, 10 Jul 2011 03:44:50 +0200
Subject: [PATCH] nconfig: prevent segfault on empty menu

how to reproduce:
1. $ make nconfig
2. disable "Kernel hacking -> Debug Filesystem"
3. go to "General setup -> GCOV-based kernel profiling" and hit F2
it should segfault

Fix: i have added some checks for "struct menu*" to be NULL bevor it get dereferenced

Signed-off-by: Andrej Gelenberg <andrej.gelenberg@udo.edu>
---
 scripts/kconfig/menu.c |   18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)

Comments

Arnaud Lacombe July 10, 2011, 6:02 a.m. UTC | #1 
Hi,

On Sat, Jul 9, 2011 at 10:04 PM, Andrej Gelenberg
<andrej.gelenberg@udo.edu> wrote:
> Hello,
>
> i found and fixed an NULL-dereference bug in nconf tool.
>
> How to reproduce:
> 1. $ make nconfig
> 2. disable "Kernel hacking -> Debug Filesystem"
> 3. go to "General setup -> GCOV-based kernel profiling" and hit F2
> it should segfault
>
> Fix: i have added some checks for "struct menu*" to be NULL before it
> get dereferenced
>
I am not a huge fan of this. The frontend should be careful not to try
to request the visibility or the prompt of an invalid menu. Following
this point of view, I would rather see assertion added than a test for
NULL, and fix the frontend appropriately to catch those case. Said
otherwise, there is no reason to apply a fix on the backend for an
nconfig-only issue.

 - Arnaud

> Regards,
> Andrej Gelenberg
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
index 5fdf10d..6a09cc4 100644
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -425,7 +425,7 @@  void menu_finalize(struct menu *parent)
 
 bool menu_has_prompt(struct menu *menu)
 {
-	if (!menu->prompt)
+	if ((!menu) || (!menu->prompt))
 		return false;
 	return true;
 }
@@ -436,7 +436,7 @@  bool menu_is_visible(struct menu *menu)
 	struct symbol *sym;
 	tristate visible;
 
-	if (!menu->prompt)
+	if ((!menu) || !menu->prompt)
 		return false;
 
 	if (menu->visibility) {
@@ -470,10 +470,12 @@  bool menu_is_visible(struct menu *menu)
 
 const char *menu_get_prompt(struct menu *menu)
 {
-	if (menu->prompt)
-		return menu->prompt->text;
-	else if (menu->sym)
-		return menu->sym->name;
+	if (menu) {
+		if (menu->prompt)
+			return menu->prompt->text;
+		else if (menu->sym)
+			return menu->sym->name;
+	}
 	return NULL;
 }
 
@@ -496,12 +498,12 @@  struct menu *menu_get_parent_menu(struct menu *menu)
 
 bool menu_has_help(struct menu *menu)
 {
-	return menu->help != NULL;
+	return menu && (menu->help != NULL);
 }
 
 const char *menu_get_help(struct menu *menu)
 {
-	if (menu->help)
+	if (menu && menu->help)
 		return menu->help;
 	else
 		return "";