ac100 team mailing list archive

Thread
Date

Re: [patch] staging: nvec: potential NULL dereference on error path

To: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
From: Julian Andres Klode <jak@xxxxxxxxxxxxx>
Date: Thu, 7 Nov 2013 12:10:14 +0100
Cc: devel@xxxxxxxxxxxxxxxxxxxx, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, kernel-janitors@xxxxxxxxxxxxxxx, Rob Herring <rob.herring@xxxxxxxxxxx>, linux-tegra@xxxxxxxxxxxxxxx, Grant Likely <grant.likely@xxxxxxxxxx>, ac100@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20131107075418.GL21844@elgon.mountain>
Sender: julian.klode@xxxxxxxxx

(Replying to all now)

On Thu, Nov 7, 2013 at 8:54 AM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> We assume nvec->rx can be NULL earlier so I have added a check here as
> well.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> diff --git a/drivers/staging/nvec/nvec.c b/drivers/staging/nvec/nvec.c
> index 3066ee2..c64e069 100644
> --- a/drivers/staging/nvec/nvec.c
> +++ b/drivers/staging/nvec/nvec.c
> @@ -681,7 +681,8 @@ static irqreturn_t nvec_interrupt(int irq, void *dev)
>                         dev_err(nvec->dev,
>                                 "RX buffer overflow on %p: "
>                                 "Trying to write byte %u of %u\n",
> -                               nvec->rx, nvec->rx->pos, NVEC_MSG_SIZE);
> +                               nvec->rx, nvec->rx ? nvec->rx->pos : -1,
> +                               NVEC_MSG_SIZE);
>                 break;
>         default:
>                 nvec->state = 0;

In the TX case, we print 0 if nvec->tx is NULL, so using -1 if
nvec->rx is NULL would be inconsistent.

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.