[PATCH] shell.c: Dereference after null check (CID #26083)
chrisj at rtems.org
Mon Mar 15 00:12:05 UTC 2021
On 12/3/21 2:56 am, Ryan Long wrote:
> After talking with Joel, we determined that 'out' shouldn’t be NULL by the time it gets to rtems_shell_login().
Did you examine telnet use cases, nested shell calls (eg nesting joel scripts),
telnet and joel scripts, and then the various options that can be set?
> We think that we should put in an assert to check whether stdin and stdout is NULL at https://git.rtems.org/rtems/tree/cpukit/libmisc/shell/shell.c#n968.
> Instead of the check that I put in for this patch, we think it's better to just put another assert at https://git.rtems.org/rtems/tree/cpukit/libmisc/shell/shell.c#n791 for 'out' out of paranoia and to get rid of the Coverity issue.
The semantics around this area with nesting thread calls is complicated and it
took me a while to converge on a workable solution. I suggest you consider
testing with libbsd and telnet if you are not completely sure.
I think any assert needs to placed once an understanding of all the use cases
has been done. I needed to run code and debug things to figure this out. I
thought I understood the code and was tripped up more than once. I did have
applications that support telnet and that helped.
More information about the devel