Re: Fix gus_pcm dereference before NULL
From: Takashi Iwai
Date: Thu Mar 16 2006 - 05:58:01 EST
At Thu, 16 Mar 2006 10:00:07 +0800,
Eugene Teo wrote:
>
> substream is dereferenced before checking for NULL.
The NULL check of substream is simply superfluous.
It is guaranteed to receive non-NULL substream and
substream->runtime.
Takashi
>
> Coverity bug #861
>
> Signed-off-by: Eugene Teo <eugene.teo@xxxxxxxxxxxxx>
>
> --- linux-2.6/sound/isa/gus/gus_pcm.c~ 2006-03-15 10:05:45.000000000 +0800
> +++ linux-2.6/sound/isa/gus/gus_pcm.c 2006-03-16 09:51:43.000000000 +0800
> @@ -103,8 +103,8 @@
>
> static void snd_gf1_pcm_trigger_up(struct snd_pcm_substream *substream)
> {
> - struct snd_pcm_runtime *runtime = substream->runtime;
> - struct gus_pcm_private *pcmp = runtime->private_data;
> + struct snd_pcm_runtime *runtime;
> + struct gus_pcm_private *pcmp;
> struct snd_gus_card * gus = pcmp->gus;
> unsigned long flags;
> unsigned char voice_ctrl, ramp_ctrl;
> @@ -114,8 +114,10 @@
> unsigned char pan;
> unsigned int voice;
>
> - if (substream == NULL)
> + if (substream == NULL || substream->runtime == NULL)
> return;
> + runtime = substream->runtime;
> + pcmp = runtime->private_data;
> spin_lock_irqsave(&pcmp->lock, flags);
> if (pcmp->flags & SNDRV_GF1_PCM_PFLG_ACTIVE) {
> spin_unlock_irqrestore(&pcmp->lock, flags);
>
> --
> 1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
> main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/