Re: [PATCH] sb1000: prevent a potential NULL pointer dereference in sb1000_dev_ioctl()

From: Domen Puncer
Date: Sun Jul 29 2007 - 01:00:10 EST

Next message: Roland Dreier: "Re: [ck] Re: Linus 2.6.23-rc1"
Previous message: Roland McGrath: "[PATCH] Add /sys/module/name/notes"
Next in thread: Satyam Sharma: "Re: [PATCH] sb1000: prevent a potential NULL pointer dereference insb1000_dev_ioctl()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 29/07/07 00:02 +0200, Jesper Juhl wrote:
> Hi,
>
> Here's a small patch, prompted by a find by the Coverity checker,
> that removes a potential NULL pointer dereference from
> drivers/net/sb1000.c::sb1000_dev_ioctl().
> The checker spotted that we do a NULL test of 'dev', yet we
> dereference the pointer prior to that check.
> This patch simply moves the dereference after the NULL test.

But... it can't be called without a valid 'dev', no?
A quick 'grep do_ioctl net/' confirms that all calls are in
the form of 'dev->do_ioctl(dev, ...'.

Domen

> @@ -991,11 +991,13 @@ static int sb1000_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
> short PID[4];
> int ioaddr[2], status, frequency;
> unsigned int stats[5];
> - struct sb1000_private *lp = netdev_priv(dev);
> + struct sb1000_private *lp;
>
> if (!(dev && dev->flags & IFF_UP))
> return -ENODEV;
>
> + lp = netdev_priv(dev);
> +
> ioaddr[0] = dev->base_addr;
> /* mem_start holds the second I/O address */
> ioaddr[1] = dev->mem_start;
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Roland Dreier: "Re: [ck] Re: Linus 2.6.23-rc1"
Previous message: Roland McGrath: "[PATCH] Add /sys/module/name/notes"
Next in thread: Satyam Sharma: "Re: [PATCH] sb1000: prevent a potential NULL pointer dereference insb1000_dev_ioctl()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]