From: Jonathan Cameron <jic23@cam.ac.uk>
To: "Hennerich, Michael" <Michael.Hennerich@analog.com>
Cc: "linux-iio@vger.kernel.org" <linux-iio@vger.kernel.org>,
"device-drivers-devel@blackfin.uclinux.org"
<device-drivers-devel@blackfin.uclinux.org>,
Drivers <Drivers@analog.com>
Subject: Re: [PATCH] iio: imu: adis16400: Avoid null pointer dereference
Date: Fri, 26 Aug 2011 13:06:06 +0100 [thread overview]
Message-ID: <4E578C2E.4010002@cam.ac.uk> (raw)
In-Reply-To: <544AC56F16B56944AEC3BD4E3D59177146E6F62D45@LIMKCMBX1.ad.analog.com>
On 08/26/11 12:40, Hennerich, Michael wrote:
> Jonathan Cameron wrote on 2011-08-26:
>> On 08/26/11 09:43, michael.hennerich@analog.com wrote:
>>> From: Michael Hennerich <michael.hennerich@analog.com>
>>>
>>> Not sure if this is a proper fix. However it should do the trick.
>>> ring->scan_maks is allocated in iio_ring_buffer_register() which called
>>> after adis16400_configure_ring. So the time this pointer dereference
>>> takes place scan_mask is uninitialized.
>> Dratt missed that one. This definitely isn't the right fix as it will
>> get wiped out when that element is initialized.
>>
>> Mostly I fixed equivalents elsewhere by not setting a default. After all
>> user space shouldn't be relying on any particular set of channels being
>> enable anyway. Do we have a good reason to not just remove it here?
>
> Feel free to remove it - I don't have a good reason other than convenience...
Added to the patch that scraps the rest of these and pushed out to iio-blue.git
>
>>> Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
>>> ---
>>> drivers/staging/iio/imu/adis16400_ring.c | 2 +-
>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>> diff --git a/drivers/staging/iio/imu/adis16400_ring.c
>>> b/drivers/staging/iio/imu/adis16400_ring.c index 1a47d07..f6d50be
>>> 100644 --- a/drivers/staging/iio/imu/adis16400_ring.c +++
>>> b/drivers/staging/iio/imu/adis16400_ring.c @@ -191,7 +191,7 @@ int
>>> adis16400_configure_ring(struct iio_dev
>> *indio_dev)
>>> ring->setup_ops = &adis16400_ring_setup_ops;
>>> ring->owner = THIS_MODULE;
>>> /* Set default scan mode - assumes single long is big enough */
>>> - *ring->scan_mask = st->variant->default_scan_mask;
>>> + ring->scan_mask = &st->variant->default_scan_mask;
>>> ring->scan_count = hweight_long(st->variant->default_scan_mask);
>>>
>>> indio_dev->pollfunc =
>> iio_alloc_pollfunc(&iio_pollfunc_store_time,
>>
>
> Greetings,
> Michael
>
> --
> Analog Devices GmbH Wilhelm-Wagenfeld-Str. 6 80807 Muenchen
> Sitz der Gesellschaft: Muenchen; Registergericht: Muenchen HRB 40368;
> Geschaeftsfuehrer:Dr.Carsten Suckrow, Thomas Wessel, William A. Martin, Margaret Seif
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-iio" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
prev parent reply other threads:[~2011-08-26 11:57 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-26 8:43 [PATCH] iio: imu: adis16400: Avoid null pointer dereference michael.hennerich
2011-08-26 9:20 ` Jonathan Cameron
2011-08-26 11:40 ` Hennerich, Michael
2011-08-26 12:06 ` Jonathan Cameron [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E578C2E.4010002@cam.ac.uk \
--to=jic23@cam.ac.uk \
--cc=Drivers@analog.com \
--cc=Michael.Hennerich@analog.com \
--cc=device-drivers-devel@blackfin.uclinux.org \
--cc=linux-iio@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).