[lvc-project] [PATCH v2 net] sctp: avoid NULL dereference when chunk data buffer is missing

Marcelo Ricardo Leitner marcelo.leitner at gmail.com
Tue Oct 21 16:42:19 MSK 2025


On Tue, Oct 21, 2025 at 04:00:36PM +0300, Alexey Simakov wrote:
> chunk->skb pointer is dereferenced in the if-block where it's supposed
> to be NULL only.
> 
> chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list
> instead and do it just before replacing chunk->skb. We're sure that
> otherwise chunk->skb is non-NULL because of outer if() condition.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 90017accff61 ("sctp: Add GSO support")
> Signed-off-by: Alexey Simakov <bigalex934 at gmail.com>

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner at gmail.com>

Thx.


