[patch] drivers/scsi/dpt_i2o.c: fix a NULL pointer dereference

From: Adrian Bunk (bunk_at_stusta.de)
Date: 11/27/05

  • Next message: Adrian Bunk: "[2.6 patch] drivers/message/i2o/pci.c: fix a NULL pointer dereference" 
    Date:	Sun, 27 Nov 2005 00:36:37 +0100
To: Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>, Marcelo Tosatti <marcelo.tosatti@cyclades.com>

    The Coverity checker spotted this obvious NULL pointer dereference.

    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Acked-by: Mark Salyzyn <mark_salyzyn@adaptec.com> 

    ---
This patch was already sent on:
- 23 Nov 2005
- 21 Nov 2005
 drivers/scsi/dpt_i2o.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
--- linux-2.6.15-rc1-mm2-full/drivers/scsi/dpt_i2o.c.old	2005-11-20 22:13:37.000000000 +0100
+++ linux-2.6.15-rc1-mm2-full/drivers/scsi/dpt_i2o.c	2005-11-20 22:16:57.000000000 +0100
@@ -816,7 +816,7 @@
 static void adpt_i2o_sys_shutdown(void)
 {
 	adpt_hba *pHba, *pNext;
-	struct adpt_i2o_post_wait_data *p1, *p2;
+	struct adpt_i2o_post_wait_data *p1, *old;
 
 	 printk(KERN_INFO"Shutting down Adaptec I2O controllers.\n");
 	 printk(KERN_INFO"   This could take a few minutes if there are many devices attached\n");
@@ -830,13 +830,14 @@
 	}
 
 	/* Remove any timedout entries from the wait queue.  */
-	p2 = NULL;
 //	spin_lock_irqsave(&adpt_post_wait_lock, flags);
 	/* Nothing should be outstanding at this point so just
 	 * free them 
 	 */
-	for(p1 = adpt_post_wait_queue; p1; p2 = p1, p1 = p2->next) {
-		kfree(p1);
+	for(p1 = adpt_post_wait_queue; p1;) {
+		old = p1;
+		p1 = p1->next;
+		kfree(old);
 	}
 //	spin_unlock_irqrestore(&adpt_post_wait_lock, flags);
 	adpt_post_wait_queue = NULL;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
  • Next message: Adrian Bunk: "[2.6 patch] drivers/message/i2o/pci.c: fix a NULL pointer dereference"

    Relevant Pages

    • Re: 2.6.1-mm1 - OOPs and hangs during modprobe
      ... > Unable to handle kernel NULL pointer dereference at virtual address 00000004 ... > Call Trace: ... The `check for truncated module' patch is clearly triggering when it should ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: 2.6.15-rc1-mm1
      ... > Unable to handle kernel NULL pointer dereference at virtual address 00000010 ... Begin forwarded message: ... (and it looks like my fault because I sent out a wrong patch). ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: [PROBLEM] ip_conntrack_ftp module oops under 2.6.1-mm2
      ... > Unable to handle kernel NULL pointer dereference at virtual address 00000004 ... This is probably due to a bug in a patch to the module subsystem in ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • [patch] drivers/scsi/dpt_i2o.c: fix a NULL pointer dereference
      ... The Coverity checker spotted this obvious NULL pointer dereference. ... This patch was already sent on: ... static void adpt_i2o_sys_shutdown ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: [parisc-linux] Re: [PATCH 3/9] mm: parisc pte atomicity
      ... using your own tmpalias area sounds much better than getting ... I've simply not wrapped my head around the races, ... it looks like we agree that my patch is necessary and valid as is; ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)