public inbox for linux-scsi@vger.kernel.org
* BUG null dereference in drivers/message/fusion/mptscsih.c
@ 2009-12-14 21:02 Alexander Strakh
From: Alexander Strakh @ 2009-12-14 21:02 UTC
  To: Eric Moore, support, DL-MPTFusionLinux, linux-scsi

	KERNEL_VERSION: 2.6.32
	SUBJECT: null dereference in function mptscsih_qcmd
	DESCRIBE:
	In ./drivers/ata/sata_mv.c in function mptscsih_qcmd 

Null dereference in line 1371 of vdevice (vdevice->vtarget->id).
We assume that it may be null, because we check it in line 1361 in the if 
statement. (If vdevice is null, we go to the else part in line 1366.)

1300 int
1301 mptscsih_qcmd(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_cmnd *))
1302 {
...
1361         if (vdevice
1362             && (vdevice->vtarget->tflags & MPT_TARGET_FLAGS_Q_YES)
1363             && (SCpnt->device->tagged_supported)) {
1364                 scsictl = scsidir | MPI_SCSIIO_CONTROL_SIMPLEQ;
1365         } else {
1366                 scsictl = scsidir | MPI_SCSIIO_CONTROL_UNTAGGED;
1367         }
1368
1369         /* Use the above information to set up the message frame
1370          */
1371         pScsiReq->TargetID = (u8) vdevice->vtarget->id;
1372         pScsiReq->Bus = vdevice->vtarget->channel;
...
}

Found by Linux Device Drivers Verification Project (Svace Detector)
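
Added example, not part of the original message and not the driver's own code: a userspace C model of the check-then-dereference pattern reported above, next to a variant that rejects a NULL vdevice (or a NULL vtarget) before any field is read. The struct layouts, flag values, function names and the -1 return value are assumptions made for this model.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the driver types: only the fields the report touches.
 * Flag values are placeholders for this model, not copied from kernel headers. */
#define MPT_TARGET_FLAGS_Q_YES       0x08
#define MPI_SCSIIO_CONTROL_SIMPLEQ   0x100
#define MPI_SCSIIO_CONTROL_UNTAGGED  0x500

struct vtarget  { uint8_t tflags, id, channel; };
struct vdevice  { struct vtarget *vtarget; };
struct scsi_req { uint8_t TargetID, Bus; uint32_t Control; };

/* Pattern from the report: vdevice is tested once, then used unconditionally. */
int fill_req_reported(struct scsi_req *req, const struct vdevice *vdevice,
                      int tagged_supported, uint32_t scsidir)
{
    if (vdevice
        && (vdevice->vtarget->tflags & MPT_TARGET_FLAGS_Q_YES)
        && tagged_supported)
        req->Control = scsidir | MPI_SCSIIO_CONTROL_SIMPLEQ;
    else
        req->Control = scsidir | MPI_SCSIIO_CONTROL_UNTAGGED;
    req->TargetID = vdevice->vtarget->id;   /* NULL dereference if vdevice == NULL */
    req->Bus = vdevice->vtarget->channel;
    return 0;
}

/* Guarded variant: one early check covers every later use of the pointer chain. */
int fill_req_guarded(struct scsi_req *req, const struct vdevice *vdevice,
                     int tagged_supported, uint32_t scsidir)
{
    if (!vdevice || !vdevice->vtarget)
        return -1;                          /* hypothetical error code; req untouched */

    if ((vdevice->vtarget->tflags & MPT_TARGET_FLAGS_Q_YES) && tagged_supported)
        req->Control = scsidir | MPI_SCSIIO_CONTROL_SIMPLEQ;
    else
        req->Control = scsidir | MPI_SCSIIO_CONTROL_UNTAGGED;
    req->TargetID = vdevice->vtarget->id;
    req->Bus = vdevice->vtarget->channel;
    return 0;
}

int main(void) {
    struct scsi_req req = {0};
    return fill_req_guarded(&req, NULL, 1, 0) == -1 ? 0 : 1;
}
```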
