Re: [patch] drivers/scsi/dpt_i2o.c: fix a NULL pointer dereference

From: Marcelo Tosatti
Date: Sun Nov 27 2005 - 13:33:27 EST


On Sun, Nov 27, 2005 at 12:36:37AM +0100, Adrian Bunk wrote:
> The Coverity checker spotted this obvious NULL pointer dereference.

Hi Adrian,

Could you explain why you remove the adpt_post_wait_lock acquision?

And if it does not belong there, why don't you remove it instead of
commeting out?

> Signed-off-by: Adrian Bunk <bunk@xxxxxxxxx>
> Acked-by: Mark Salyzyn <mark_salyzyn@xxxxxxxxxxx>
>
> ---
>
> This patch was already sent on:
> - 23 Nov 2005
> - 21 Nov 2005
>
> drivers/scsi/dpt_i2o.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> --- linux-2.6.15-rc1-mm2-full/drivers/scsi/dpt_i2o.c.old 2005-11-20 22:13:37.000000000 +0100
> +++ linux-2.6.15-rc1-mm2-full/drivers/scsi/dpt_i2o.c 2005-11-20 22:16:57.000000000 +0100
> @@ -816,7 +816,7 @@
> static void adpt_i2o_sys_shutdown(void)
> {
> adpt_hba *pHba, *pNext;
> - struct adpt_i2o_post_wait_data *p1, *p2;
> + struct adpt_i2o_post_wait_data *p1, *old;
>
> printk(KERN_INFO"Shutting down Adaptec I2O controllers.\n");
> printk(KERN_INFO" This could take a few minutes if there are many devices attached\n");
> @@ -830,13 +830,14 @@
> }
>
> /* Remove any timedout entries from the wait queue. */
> - p2 = NULL;
> // spin_lock_irqsave(&adpt_post_wait_lock, flags);
> /* Nothing should be outstanding at this point so just
> * free them
> */
> - for(p1 = adpt_post_wait_queue; p1; p2 = p1, p1 = p2->next) {
> - kfree(p1);
> + for(p1 = adpt_post_wait_queue; p1;) {
> + old = p1;
> + p1 = p1->next;
> + kfree(old);
> }
> // spin_unlock_irqrestore(&adpt_post_wait_lock, flags);
> adpt_post_wait_queue = NULL;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/