Re: [patch 02/26] USB: Fix irda-usb use after use
From: Randy.Dunlap
Date: Tue Apr 04 2006 - 20:20:42 EST
On Tue, 4 Apr 2006 16:59:43 -0700 gregkh@xxxxxxx wrote:
> Don't read from free'd memory after calling netif_rx(). docopy is used as
> a boolean (0 and 1) so unsigned int is sufficient.
>
> Coverity bug #928
>
> Signed-off-by: Eugene Teo <eugene.teo@xxxxxxxxxxxxx>
> Cc: "David Miller" <davem@xxxxxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
>
> ---
>
> drivers/net/irda/irda-usb.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> --- linux-2.6.16.1.orig/drivers/net/irda/irda-usb.c
> +++ linux-2.6.16.1/drivers/net/irda/irda-usb.c
> @@ -740,7 +740,7 @@ static void irda_usb_receive(struct urb
> struct sk_buff *newskb;
> struct sk_buff *dataskb;
> struct urb *next_urb;
> - int docopy;
> + unsigned int len, docopy;
>
Is the <docopy> part of the patch just a convenience so that the patch
doesn't have to be split? I don't see this part as critical.
> IRDA_DEBUG(2, "%s(), len=%d\n", __FUNCTION__, urb->actual_length);
>
> @@ -851,10 +851,11 @@ static void irda_usb_receive(struct urb
> dataskb->dev = self->netdev;
> dataskb->mac.raw = dataskb->data;
> dataskb->protocol = htons(ETH_P_IRDA);
> + len = dataskb->len;
> netif_rx(dataskb);
>
> /* Keep stats up to date */
> - self->stats.rx_bytes += dataskb->len;
> + self->stats.rx_bytes += len;
> self->stats.rx_packets++;
> self->netdev->last_rx = jiffies;
>
>
---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/