Changes between Initial Version and Version 1 of Ticket #16836
- Timestamp:
- Jun 21, 2017 9:07:34 AM (7 years ago)
Ticket #16836 – Description
Function sf_unlink_aux() in vboxsf/dirops.c performs a dereference on dentry with the following call:
{{{
err = sf_path_from_dentry(__func__, sf_g, sf_i, dentry, &path);
}}}
However, a few statements later dentry is being checked to see if it is a NULL pointer:
{{{
if (   dentry
    && dentry->d_inode
    && ((dentry->d_inode->i_mode & S_IFLNK) == S_IFLNK))
    fFlags |= SHFL_REMOVE_SYMLINK;
}}}
Either that null pointer check is redundant or dentry really could be NULL, in which case the earlier call to sf_path_from_dentry with a null dentry can trip a null pointer dereference bug on dentry.

Anyhow, the current code looks suspect and should be fixed.
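One way to resolve the ordering described above is to hoist the NULL test ahead of the first dereference. This is an added example, not VirtualBox code: the structs, `path_from_dentry()`, `unlink_aux_checked()` and the `SHFL_REMOVE_SYMLINK` value are simplified userspace stand-ins.

```c
#include <errno.h>
#include <string.h>

/* Simplified userspace stand-ins for the kernel definitions (assumptions). */
#ifndef S_IFLNK
#define S_IFLNK 0120000          /* Linux symlink file-type bits */
#endif
#define SHFL_REMOVE_SYMLINK 0x4u /* constructed value, for illustration only */
struct inode  { unsigned i_mode; };
struct dentry { const char *d_name; struct inode *d_inode; };

/* Stand-in for sf_path_from_dentry(): it reads through dentry
 * unconditionally, so a NULL dentry would fault here. */
static int path_from_dentry(const struct dentry *dentry, char *path, size_t len)
{
    if (strlen(dentry->d_name) >= len)
        return -ENAMETOOLONG;
    strcpy(path, dentry->d_name);
    return 0;
}

/* Hypothetical rework: validate dentry before any use, so the later
 * flag test only has to guard d_inode. */
static int unlink_aux_checked(const struct dentry *dentry, unsigned *flags_out)
{
    char path[256];
    unsigned fFlags = 0;
    int err;

    if (!dentry)
        return -EINVAL;

    err = path_from_dentry(dentry, path, sizeof(path));
    if (err)
        return err;

    if (dentry->d_inode
        && ((dentry->d_inode->i_mode & S_IFLNK) == S_IFLNK))
        fFlags |= SHFL_REMOVE_SYMLINK;

    *flags_out = fFlags;
    return 0;
}

int main(void)
{
    unsigned flags = 0;
    return unlink_aux_checked(NULL, &flags) == -EINVAL ? 0 : 1;
}
```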