On Tue, Feb 11, 2025 at 07:05:09PM +0300, Anton Moryakov wrote: > The function `prop_get_symbol` may return NULL, which was not checked > before dereferencing the pointer in `menu_finalize`. This could lead > to undefined behavior or crashes. > > This commit adds a NULL check before accessing `es->rev_dep.expr` and > `es->implied.expr`. If `es` is NULL, a warning is logged, and the > operation is skipped. > > Triggers found by static analyzer Svace. > > Signed-off-by: Anton Moryakov <ant.v.morya...@gmail.com> > > --- > scripts/kconfig/menu.c | 14 ++++++++++---- > 1 file changed, 10 insertions(+), 4 deletions(-) > > diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c > index 0fe7f3255a..3fb3ab4637 100644 > --- a/scripts/kconfig/menu.c > +++ b/scripts/kconfig/menu.c > @@ -400,12 +400,18 @@ void menu_finalize(struct menu *parent) > */ > if (prop->type == P_SELECT) { > struct symbol *es = > prop_get_symbol(prop); > - es->rev_dep.expr = > expr_alloc_or(es->rev_dep.expr, > - > expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep))); > + if (es) { > + es->rev_dep.expr = > expr_alloc_or(es->rev_dep.expr, > + > expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep))); > + } else > + menu_warn(menu, "select > property has no symbol"); > } else if (prop->type == P_IMPLY) { > struct symbol *es = > prop_get_symbol(prop); > - es->implied.expr = > expr_alloc_or(es->implied.expr, > - > expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep))); > + if (es) { > + es->implied.expr = > expr_alloc_or(es->implied.expr, > + > expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep))); > + } else > + menu_warn(menu, "imply property > has no symbol"); > } > } > }
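Review bot: In both the P_SELECT and P_IMPLY branches the new `if (es) { ... } else menu_warn(...);` puts braces on the `if` body but leaves the `else` unbraced; kernel coding style asks for braces on both branches once one of them has them, so write `} else {` with the `menu_warn()` call on its own line and a closing `}`. The two branches are also identical apart from the field (`rev_dep` or `implied`) and the warning text, so a single NULL check placed before the type test would avoid repeating it. The commit message says `prop_get_symbol` "may return NULL" without naming the condition under which that happens for a select or imply property; stating it would show whether the warning is reachable from a real Kconfig file or only guards against the analyzer's report.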
Please submit this to the upstream kernel for review, thanks! -- Tom