kernel-janitors.vger.kernel.org archive mirror
* [PATCH] staging: tidspbridge: Fix potential NULL pointer dereference
@ 2013-06-12 14:33 Emil Goode
  2013-06-12 15:08 ` Dan Carpenter
  0 siblings, 1 reply; 3+ messages in thread
From: Emil Goode @ 2013-06-12 14:33 UTC
  To: omar.ramirez, gregkh, justinmattock, andriy.shevchenko
  Cc: devel, linux-kernel, kernel-janitors, Emil Goode

We free dcd_key on line 897 and then dereference it a few lines below.
This patch adds a NULL check to make sure we can use dcd_key.

Signed-off-by: Emil Goode <emilgoode@gmail.com>
---
 drivers/staging/tidspbridge/rmgr/dbdcd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/tidspbridge/rmgr/dbdcd.c b/drivers/staging/tidspbridge/rmgr/dbdcd.c
index 3d2a26f..21ce3b7 100644
--- a/drivers/staging/tidspbridge/rmgr/dbdcd.c
+++ b/drivers/staging/tidspbridge/rmgr/dbdcd.c
@@ -899,7 +899,7 @@ int dcd_register_object(struct dsp_uuid *uuid_obj,
 			}
 		}
 		spin_unlock(&dbdcd_lock);
-		if (&dcd_key->link = &reg_key_list)
+		if (dcd_key && (&dcd_key->link = &reg_key_list))
 			status = -EPERM;
 	}
 
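Review bot: The added "dcd_key &&" test in the "if" after spin_unlock(&dbdcd_lock) cannot catch the case the commit message describes: a pointer that has been freed keeps its old non-NULL value, so the new check passes and the behaviour is unchanged. "&dcd_key->link" only computes a member address, so there is also no dereference on this line for a NULL check to guard. If the intent is to return -EPERM when no matching entry was found, record that result inside the locked section, before the entry is freed, and test the recorded value here. As these lines read, the comparison is also written with a single "="; it should be "==".
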
-- 
1.7.10.4



* Re: [PATCH] staging: tidspbridge: Fix potential NULL pointer dereference
  2013-06-12 14:33 [PATCH] staging: tidspbridge: Fix potential NULL pointer dereference Emil Goode
@ 2013-06-12 15:08 ` Dan Carpenter
  2013-06-12 15:33   ` Emil Goode
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2013-06-12 15:08 UTC
  To: Emil Goode
  Cc: omar.ramirez, gregkh, justinmattock, andriy.shevchenko, devel,
	linux-kernel, kernel-janitors

1) This patch doesn't do anything.  "dcd_key" points to freed memory
but it's not a NULL pointer.
2) The original pointer doesn't dereference "dcd_key"; it just takes
the address of one of the elements.  I don't know the context and
can't say for sure that it's a wrong thing to do.

The code does look very suspect.  Why is it checking permissions
after we already removed the element and freed it?

But it's not a dereferencing freed memory bug.

regards,
dan carpenter
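
An added example, not code from this thread or from dbdcd.c: a userspace C illustration of the two points in the reply above, showing that "&k->link" is plain address arithmetic and how the found/not-found result can be fixed before the entry is freed. The struct layout, the circular list with the head as sentinel, and the names key_node, link_of, add_key and remove_key are assumptions made for the illustration; locking is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins; the driver's real struct layout is not shown in the thread. */
struct list_head { struct list_head *next, *prev; };
struct key_node { int id; struct list_head link; };

/* &k->link is base address plus member offset. Nothing is loaded from *k,
 * which is why a NULL check in front of it changes nothing for a freed k. */
static struct list_head *link_of(struct key_node *k) { return &k->link; }

static void add_key(struct list_head *head, int id)
{
    struct key_node *k = malloc(sizeof(*k));
    if (!k) abort();
    k->id = id;
    k->link.prev = head->prev;
    k->link.next = head;
    head->prev->next = &k->link;
    head->prev = &k->link;
}

/* Unlink and free the node with this id. The result is decided during the
 * walk, before free(), so no pointer to the node is consulted afterwards.
 * Returns 0 if removed, -1 if the walk came back to the head (not found). */
static int remove_key(struct list_head *head, int id)
{
    for (struct list_head *pos = head->next; pos != head; pos = pos->next) {
        struct key_node *k = (void *)((char *)pos - offsetof(struct key_node, link));
        if (k->id != id)
            continue;
        pos->prev->next = pos->next;
        pos->next->prev = pos->prev;
        free(k);
        return 0;
    }
    return -1;
}

int main(void)
{
    struct list_head head = { &head, &head };
    struct key_node probe;
    add_key(&head, 1);
    int ok = (uintptr_t)link_of(&probe) == (uintptr_t)&probe + offsetof(struct key_node, link);
    return (ok && remove_key(&head, 1) == 0 && remove_key(&head, 1) == -1) ? 0 : 1;
}
```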



* Re: [PATCH] staging: tidspbridge: Fix potential NULL pointer dereference
  2013-06-12 15:08 ` Dan Carpenter
@ 2013-06-12 15:33   ` Emil Goode
  0 siblings, 0 replies; 3+ messages in thread
From: Emil Goode @ 2013-06-12 15:33 UTC
  To: Dan Carpenter
  Cc: omar.ramirez, gregkh, justinmattock, andriy.shevchenko, devel,
	linux-kernel, kernel-janitors

Thank you Dan! That's right, it's of course not NULL after being freed.
Yes, the code looks strange here, I'm not sure what was intended.

Best regards,

Emil

On Wed, Jun 12, 2013 at 08:08:17AM -0700, Dan Carpenter wrote:
> 1) This patch doesn't do anything.  "dcd_key" points to freed memory
> but it's not a NULL pointer.
> 2) The original pointer doesn't dereference "dcd_key"; it just takes
> the address of one of the elements.  I don't know the context and
> can't say for sure that it's a wrong thing to do.
> 
> The code does look very suspect.  Why is it checking permissions
> after we already removed the element and freed it?
> 
> But it's not a dereferencing freed memory bug.
> 
> regards,
> dan carpenter
> 
