[PATCH] ide-tape: Avoid potential null pointer dereference inidetape_abort_pipeline()
From: Jesper Juhl
Date: Fri Mar 14 2008 - 20:27:47 EST
If a NULL 'new_last_stage' is passed to idetape_abort_pipeline() then
we'll dereference a NULL pointer and go *boom*.
The function does test for a null pointer, unfortunately it only does it
after having already dereferenced it.
Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx>
---
ide-tape.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
index 43e0e05..943290c 100644
--- a/drivers/ide/ide-tape.c
+++ b/drivers/ide/ide-tape.c
@@ -814,11 +814,14 @@ static void idetape_abort_pipeline(ide_drive_t *drive,
idetape_stage_t *new_last_stage)
{
idetape_tape_t *tape = drive->driver_data;
- idetape_stage_t *stage = new_last_stage->next;
+ idetape_stage_t *stage = NULL;
idetape_stage_t *nstage;
debug_log(DBG_PROCS, "%s: Enter %s\n", tape->name, __func__);
+ if (new_last_stage)
+ stage = new_last_stage->next;
+
while (stage) {
nstage = stage->next;
idetape_kfree_stage(tape, stage);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/