Re: [2.6 patch] drivers/ieee1394/raw1394.c: fix a NULL pointer dereference

From: Adrian Bunk (bunk_at_stusta.de)
Date: 11/21/05

    Date:	Mon, 21 Nov 2005 00:54:02 +0100
    To: Jesper Juhl <jesper.juhl@gmail.com>
    
    

    On Mon, Nov 21, 2005 at 12:45:14AM +0100, Jesper Juhl wrote:
    > On 11/21/05, Adrian Bunk <bunk@stusta.de> wrote:
    > > The coverity checker spotted that this was a NULL pointer dereference in
    > > the "if (copy_from_user(...))" case.
    > >
    > >
    > > Signed-off-by: Adrian Bunk <bunk@stusta.de>
    > >
    > > --- linux-2.6.15-rc1-mm2-full/drivers/ieee1394/raw1394.c.old 2005-11-20 22:08:57.000000000 +0100
    > > +++ linux-2.6.15-rc1-mm2-full/drivers/ieee1394/raw1394.c 2005-11-20 22:09:34.000000000 +0100
    > > @@ -2166,7 +2166,8 @@
    > > }
    > > }
    > > }
    > > - kfree(cache->filled_head);
    > > + if(cache->filled_head)
    > > + kfree(cache->filled_head);
    > > kfree(cache);
    > >
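    Review bot: the added `if(cache->filled_head)` test in front of `kfree(cache->filled_head)` does not guard the pointer that can fault. kfree() accepts NULL, so the check is redundant for `filled_head`, and evaluating `cache->filled_head` still dereferences `cache`. If `cache` is the pointer that is NULL on the copy_from_user() failure path named in the changelog, the dereference is still there after this change. Suggest testing `cache` itself before touching its members (the following `kfree(cache);` needs no guard), and if any conditional stays, kernel coding style wants a space after the keyword: `if (`.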
    > Hmmm, kfree() deals with NULL pointers just fine, so there's no
    > problem if cache->filled_head is NULL. There is, however, a NULL
    > pointer deref problem if `cache' is NULL, but that's not what your
    > patch checks for.
    >...

    OK, I was blind...

    I've just sent a better patch.

    cu
    Adrian

    -- 
           "Is there not promise of rain?" Ling Tan asked suddenly out
            of the darkness. There had been need of rain for many days.
           "Only a promise," Lao Er said.
                                           Pearl S. Buck - Dragon Seed
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at  http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at  http://www.tux.org/lkml/
    
