[Patch] Pointer dereference in net/irda/ircomm/ircomm_tty.c
From: Eric Sesterhenn
Date: Wed Mar 22 2006 - 17:44:29 EST
hi,
this fixes coverity bugs #855 and #854. In both cases tty
is dereferenced before getting checked for NULL.
Compile tested only.
Signed-off-by: Eric Sesterhenn <snakebyte@xxxxxx>
--- linux-2.6.16/net/irda/ircomm/ircomm_tty.c.orig 2006-03-22 23:40:50.000000000 +0100
+++ linux-2.6.16/net/irda/ircomm/ircomm_tty.c 2006-03-22 23:42:40.000000000 +0100
@@ -493,7 +493,7 @@ static int ircomm_tty_open(struct tty_st
*/
static void ircomm_tty_close(struct tty_struct *tty, struct file *filp)
{
- struct ircomm_tty_cb *self = (struct ircomm_tty_cb *) tty->driver_data;
+ struct ircomm_tty_cb *self;
unsigned long flags;
IRDA_DEBUG(0, "%s()\n", __FUNCTION__ );
@@ -501,6 +501,8 @@ static void ircomm_tty_close(struct tty_
if (!tty)
return;
+ self = (struct ircomm_tty_cb *) tty->driver_data;
+
IRDA_ASSERT(self != NULL, return;);
IRDA_ASSERT(self->magic == IRCOMM_TTY_MAGIC, return;);
@@ -1006,17 +1008,19 @@ static void ircomm_tty_shutdown(struct i
*/
static void ircomm_tty_hangup(struct tty_struct *tty)
{
- struct ircomm_tty_cb *self = (struct ircomm_tty_cb *) tty->driver_data;
+ struct ircomm_tty_cb *self;
unsigned long flags;
IRDA_DEBUG(0, "%s()\n", __FUNCTION__ );
- IRDA_ASSERT(self != NULL, return;);
- IRDA_ASSERT(self->magic == IRCOMM_TTY_MAGIC, return;);
-
if (!tty)
return;
+ self = (struct ircomm_tty_cb *) tty->driver_data;
+
+ IRDA_ASSERT(self != NULL, return;);
+ IRDA_ASSERT(self->magic == IRCOMM_TTY_MAGIC, return;);
+
/* ircomm_tty_flush_buffer(tty); */
ircomm_tty_shutdown(self);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/