Re: potential-null-pointer-dereference-in-amiga-serial-driver.patch added to -mm tree

• Previous message: Jeff Garzik: "[PATCH] AHCI PCI MSI support, update 1"
• Next in thread: Marcelo Tosatti: "Re: potential-null-pointer-dereference-in-amiga-serial-driver.patch added to -mm tree"
• Reply: Marcelo Tosatti: "Re: potential-null-pointer-dereference-in-amiga-serial-driver.patch added to -mm tree"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: akpm@osdl.org
Date:	Tue, 31 May 2005 19:49:15 +0400

On Tuesday 31 May 2005 13:08, akpm@osdl.org wrote:
> A pointer is dereferenced before it is null-checked.

> --- 25/drivers/char/amiserial.c~potential-null-pointer-dereference-in-amiga-serial-driver
> +++ 25-akpm/drivers/char/amiserial.c

> static void rs_put_char(struct tty_struct *tty, unsigned char ch)
> {
> - struct async_struct *info = (struct async_struct *)tty->driver_data;
> + struct async_struct *info;
> unsigned long flags;
>
> + if (!tty)
> + return;

Can ->put_char be ever called with tty being NULL? From my reading of
drivers/char/n_tty.c it can't.

Every single time ->put_char is used a-la

        tty->driver->put_char(tty, '\r');

So, tty will be dereferenced before function call. Same for static inline
put_char() there.

> +
> + info = tty->driver_data;

> static int rs_write(struct tty_struct * tty, const unsigned char *buf, int count)
> {

> - struct async_struct *info = (struct async_struct *)tty->driver_data;
> + struct async_struct *info;
> unsigned long flags;
>
> + if (!tty)
> + return 0;

Same question.

> +
> + info = tty->driver_data;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Previous message: Jeff Garzik: "[PATCH] AHCI PCI MSI support, update 1"
• Next in thread: Marcelo Tosatti: "Re: potential-null-pointer-dereference-in-amiga-serial-driver.patch added to -mm tree"
• Reply: Marcelo Tosatti: "Re: potential-null-pointer-dereference-in-amiga-serial-driver.patch added to -mm tree"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Linux 2.6.9-rc3 ... cast from pointer to integer of different size ... `tty' undeclared ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) 2.6.6 doesnt boot with 4k stacks ... 0000:02:0c.1 Input device controller: Creative Labs SB Live! ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: PPP over ttyUSB (visor.o, Treo) ... +static void serial_close(struct tty_struct *tty, struct file * filp) ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: something funny about ttys on 2.6.4-rc1-mm1 ... > Peter> means numbers won't be reused until wraparound happens. ... > Ouch. ... I've been using the tty name in $HISTFILE for some time now ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) [2.6 patch] drivers/char/tty_ioctl.c: make a function static (fwd) ... Subject: [2.6 patch] drivers/char/tty_ioctl.c: make a function static ... * Send a high priority character to the tty. ... send the line "unsubscribe linux-kernel" in ... Please read the FAQ at http://www.tux.org/lkml/ ... (Linux-Kernel)