* [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
@ 2007-09-04 8:25 Micah Gruber
2007-09-04 11:06 ` Jens Axboe
0 siblings, 1 reply; 7+ messages in thread
From: Micah Gruber @ 2007-09-04 8:25 UTC (permalink / raw)
To: linux-kernel, linux-usb-devel, gregkh
This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
---
--- a/drivers/usb/storage/shuttle_usbat.c
+++ b/drivers/usb/storage/shuttle_usbat.c
@@ -187,12 +187,14 @@
*/
static int usbat_check_status(struct us_data *us)
{
- unsigned char *reply = us->iobuf;
+ unsigned char *reply;
int rc;
if (!us)
return USB_STOR_TRANSPORT_ERROR;
+ reply = us->iobuf;
+
rc = usbat_get_status(us, reply);
if (rc != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_FAILED;
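Review bot: The retained `if (!us)` test in usbat_check_status() needs a justification that the changelog does not give: it calls the dereference "potential" but names no caller that can pass a NULL `us`. If no caller can, the test is dead code and removing it is the cleaner fix than moving `reply = us->iobuf;` below it. If one can, name it in the changelog so the reordering is clearly a real fix. The security-relevant detail is that with the old order the initializer dereferenced `us` first, so the test could never prevent the fault it was written for.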

* Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Jens Axboe @ 2007-09-04 11:06 UTC
To: Micah Gruber; +Cc: linux-kernel, linux-usb-devel, gregkh

On Tue, Sep 04 2007, Micah Gruber wrote:
> This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
>
> Signed-off-by: Micah Gruber <micah.gruber@gmail.com>

Be careful with stuff like that, if you actually look at the code, a us
== NULL doesn't seem to be possible (or usbat_flash_transport() would
have oopsed before).

--
Jens Axboe

* Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Simon Holm Thøgersen @ 2007-09-04 19:57 UTC
To: Jens Axboe; +Cc: Micah Gruber, linux-kernel, linux-usb-devel, gregkh

On Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> On Tue, Sep 04 2007, Micah Gruber wrote:
> > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> >
> > Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
>
> Be careful with stuff like that, if you actually look at the code, a us
> == NULL doesn't seem to be possible (or usbat_flash_transport() would
> have oopsed before).
>
If that is true, then
	if (!us)
		return USB_STOR_TRANSPORT_ERROR;
is utterly pointless.

Simon Holm Thøgersen

* Re: [linux-usb-devel] [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Alan Stern @ 2007-09-04 20:58 UTC
To: Simon Holm Thøgersen
Cc: Jens Axboe, gregkh, linux-kernel, Micah Gruber, linux-usb-devel

On Tue, 4 Sep 2007, Simon Holm Thøgersen wrote:
>
> On Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > >
> > > Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
> >
> > Be careful with stuff like that, if you actually look at the code, a us
> > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > have oopsed before).
> >
> If that is true, then
> 	if (!us)
> 		return USB_STOR_TRANSPORT_ERROR;
> is utterly pointless.

Indeed, so it is.

Alan Stern

* Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Jens Axboe @ 2007-09-04 21:06 UTC
To: Simon Holm Thøgersen
Cc: Micah Gruber, linux-kernel, linux-usb-devel, gregkh

On Tue, Sep 04 2007, Simon Holm Thøgersen wrote:
> On Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > >
> > > Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
> >
> > Be careful with stuff like that, if you actually look at the code, a us
> > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > have oopsed before).
> >
> If that is true, then
> 	if (!us)
> 		return USB_STOR_TRANSPORT_ERROR;
> is utterly pointless.

Well that was the point I was trying to make, that test and return
should be deleted instead.

--
Jens Axboe
* [PATCH] Remove pointless NULL pointer check in drivers/usb/storage/shuttle_usbat.c. 2007-09-04 21:06 ` Jens Axboe @ 2007-09-06 22:33 ` Simon Holm Thøgersen 2007-09-10 16:33 ` Jens Axboe 0 siblings, 1 reply; 7+ messages in thread From: Simon Holm Thøgersen @ 2007-09-06 22:33 UTC (permalink / raw) To: Jens Axboe; +Cc: Micah Gruber, linux-kernel, linux-usb-devel, gregkh tir, 04 09 2007 kl. 23:06 +0200, skrev Jens Axboe: > On Tue, Sep 04 2007, Simon Holm Thøgersen wrote: > > tir, 04 09 2007 kl. 13:06 +0200, skrev Jens Axboe: > > > On Tue, Sep 04 2007, Micah Gruber wrote: > > > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check. > > > > > > > > Signed-off-by: Micah Gruber <micah.gruber@gmail.com> > > > > > > Be careful with stuff like that, if you actually look at the code, a us > > > == NULL doesn't seem to be possible (or usbat_flash_transport() would > > > have oopsed before). > > > > > If that is true, then > > if (!us) > > return USB_STOR_TRANSPORT_ERROR; > > is utterly pointless. > > Well that was the point I was trying to make, that test and return > should be deleted instead. > I guess we agree that we want the following then. If us would ever be NULL, the function would have oopsed already before the check. Signed-off-by: Simon Holm Thøgersen <odie@cs.aau.dk> --- --- a/drivers/usb/storage/shuttle_usbat.c +++ b/drivers/usb/storage/shuttle_usbat.c @@ -190,9 +190,6 @@ static int usbat_check_status(struct us_data *us) unsigned char *reply = us->iobuf; int rc; - if (!us) - return USB_STOR_TRANSPORT_ERROR; - rc = usbat_get_status(us, reply); if (rc != USB_STOR_XFER_GOOD) return USB_STOR_TRANSPORT_FAILED; ^ permalink raw reply [flat|nested] 7+ messages in thread
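Review bot: The changelog for the removed `if (!us)` test rests only on the argument that `unsigned char *reply = us->iobuf;` just above it would already have oopsed, which shows the test was ineffective, not that `us` can never be NULL. State the caller-side guarantee in the changelog (earlier in the thread, usbat_flash_transport() is cited as dereferencing `us` before this function is reached) so the removal is justified on its own. The conversational lead-in ("I guess we agree that we want the following then.") should also stay out of the commit text.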
* Re: [PATCH] Remove pointless NULL pointer check in drivers/usb/storage/shuttle_usbat.c. 2007-09-06 22:33 ` [PATCH] Remove pointless NULL pointer check " Simon Holm Thøgersen @ 2007-09-10 16:33 ` Jens Axboe 0 siblings, 0 replies; 7+ messages in thread From: Jens Axboe @ 2007-09-10 16:33 UTC (permalink / raw) To: Simon Holm Thøgersen Cc: Micah Gruber, linux-kernel, linux-usb-devel, gregkh On Fri, Sep 07 2007, Simon Holm Thøgersen wrote: > tir, 04 09 2007 kl. 23:06 +0200, skrev Jens Axboe: > > On Tue, Sep 04 2007, Simon Holm Thøgersen wrote: > > > tir, 04 09 2007 kl. 13:06 +0200, skrev Jens Axboe: > > > > On Tue, Sep 04 2007, Micah Gruber wrote: > > > > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check. > > > > > > > > > > Signed-off-by: Micah Gruber <micah.gruber@gmail.com> > > > > > > > > Be careful with stuff like that, if you actually look at the code, a us > > > > == NULL doesn't seem to be possible (or usbat_flash_transport() would > > > > have oopsed before). > > > > > > > If that is true, then > > > if (!us) > > > return USB_STOR_TRANSPORT_ERROR; > > > is utterly pointless. > > > > Well that was the point I was trying to make, that test and return > > should be deleted instead. > > > I guess we agree that we want the following then. > > > If us would ever be NULL, the function would have oopsed already before > the check. Yep, looks much better. Acked-by: Jens Axboe <jens.axboe@oracle.com> > > Signed-off-by: Simon Holm Thøgersen <odie@cs.aau.dk> > --- > > --- a/drivers/usb/storage/shuttle_usbat.c > +++ b/drivers/usb/storage/shuttle_usbat.c 
> @@ -190,9 +190,6 @@ static int usbat_check_status(struct us_data *us) > unsigned char *reply = us->iobuf; > int rc; > > - if (!us) > - return USB_STOR_TRANSPORT_ERROR; > - > rc = usbat_get_status(us, reply); > if (rc != USB_STOR_XFER_GOOD) > return USB_STOR_TRANSPORT_FAILED; > > -- Jens Axboe ^ permalink raw reply [flat|nested] 7+ messages in thread