* [PATCH] dereference of uninitialized pointer in zatm
@ 2005-08-30 16:32 Al Viro
0 siblings, 0 replies; 3+ messages in thread
From: Al Viro @ 2005-08-30 16:32 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-kernel, davem
Breakage from [NET]: Kill skb->list
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
----
diff -urN RC13-base/drivers/atm/zatm.c current/drivers/atm/zatm.c
--- RC13-base/drivers/atm/zatm.c 2005-08-30 03:24:42.000000000 -0400
+++ current/drivers/atm/zatm.c 2005-08-30 03:25:18.000000000 -0400
@@ -417,9 +417,9 @@
chan = (here[3] & uPD98401_AAL5_CHAN) >>
uPD98401_AAL5_CHAN_SHIFT;
if (chan < zatm_dev->chans && zatm_dev->rx_map[chan]) {
- int pos = ZATM_VCC(vcc)->pool;
-
+ int pos;
vcc = zatm_dev->rx_map[chan];
+ pos = ZATM_VCC(vcc)->pool;
if (skb == zatm_dev->last_free[pos])
zatm_dev->last_free[pos] = NULL;
skb_unlink(skb, zatm_dev->pool + pos);
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] dereference of uninitialized pointer in zatm
@ 2005-09-02 18:46 viro
2005-09-02 19:18 ` David S. Miller
0 siblings, 1 reply; 3+ messages in thread
From: viro @ 2005-09-02 18:46 UTC (permalink / raw)
To: Linus Torvalds; +Cc: David S. Miller, linux-kernel
Fixing breakage from [NET]: Kill skb->list - original was
assign vcc
do a bunch of stuff using ZATM_VCC(vcc)->pool as common subexpression
Now we do
int pos = ZATM_VCC(vcc)->pool;
assign vcc
do a bunch of stuff
even though vcc is not even initialized when we enter that block...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
----
diff -urN RC13-uml-checker/drivers/atm/zatm.c RC13-zatm/drivers/atm/zatm.c
--- RC13-uml-checker/drivers/atm/zatm.c 2005-09-02 03:33:39.000000000 -0400
+++ RC13-zatm/drivers/atm/zatm.c 2005-09-02 03:34:19.000000000 -0400
@@ -417,9 +417,9 @@
chan = (here[3] & uPD98401_AAL5_CHAN) >>
uPD98401_AAL5_CHAN_SHIFT;
if (chan < zatm_dev->chans && zatm_dev->rx_map[chan]) {
- int pos = ZATM_VCC(vcc)->pool;
-
+ int pos;
vcc = zatm_dev->rx_map[chan];
+ pos = ZATM_VCC(vcc)->pool;
if (skb == zatm_dev->last_free[pos])
zatm_dev->last_free[pos] = NULL;
skb_unlink(skb, zatm_dev->pool + pos);
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] dereference of uninitialized pointer in zatm
2005-09-02 18:46 [PATCH] dereference of uninitialized pointer in zatm viro
@ 2005-09-02 19:18 ` David S. Miller
0 siblings, 0 replies; 3+ messages in thread
From: David S. Miller @ 2005-09-02 19:18 UTC (permalink / raw)
To: viro; +Cc: torvalds, linux-kernel
From: viro@ZenIV.linux.org.uk
Date: Fri, 2 Sep 2005 19:46:42 +0100
> Fixing breakage from [NET]: Kill skb->list - original was
> assign vcc
> do a bunch of stuff using ZATM_VCC(vcc)->pool as common subexpression
> Now we do
> int pos = ZATM_VCC(vcc)->pool;
> assign vcc
> do a bunch of stuff
> even though vcc is not even initialized when we enter that block...
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Applied, thanks Al.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-09-19 18:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-09-02 18:46 [PATCH] dereference of uninitialized pointer in zatm viro
2005-09-02 19:18 ` David S. Miller
-- strict thread matches above, loose matches on Subject: below --
2005-08-30 16:32 Al Viro
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.