From: Adrian Bunk <bunk@stusta.de>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Eric Sesterhenn <snakebyte@gmx.de>, linux-kernel@vger.kernel.org
Subject: Re: [Patch] Pointer dereference in net/irda/ircomm/ircomm_tty.c
Date: Wed, 5 Apr 2006 15:17:06 +0200 [thread overview]
Message-ID: <20060405131706.GB8673@stusta.de> (raw)
In-Reply-To: <20060322232247.GD7790@mipter.zuzino.mipt.ru>
On Thu, Mar 23, 2006 at 02:22:47AM +0300, Alexey Dobriyan wrote:
> On Wed, Mar 22, 2006 at 11:46:05PM +0100, Eric Sesterhenn wrote:
> > this fixes coverity bugs #855 and #854. In both cases tty
> > is dereferenced before getting checked for NULL.
>
> Before Al will flame you,
>
> IMO, what should be done is removing asserts checking for "self",
> because ->driver_data is filled in ircomm_tty_open() with valid pointer.
That's not what the Coverity checker is warning about.
It warns that "tty" is first dereferenced and later checked for NULL.
> > --- linux-2.6.16/net/irda/ircomm/ircomm_tty.c.orig
> > +++ linux-2.6.16/net/irda/ircomm/ircomm_tty.c
> > @@ -493,7 +493,7 @@ static int ircomm_tty_open(struct tty_st
> > */
> > static void ircomm_tty_close(struct tty_struct *tty, struct file *filp)
> > {
> > - struct ircomm_tty_cb *self = (struct ircomm_tty_cb *) tty->driver_data;
> > + struct ircomm_tty_cb *self;
> > unsigned long flags;
> >
> > IRDA_DEBUG(0, "%s()\n", __FUNCTION__ );
> > @@ -501,6 +501,8 @@ static void ircomm_tty_close(struct tty_
> > if (!tty)
> > return;
> >
> > + self = (struct ircomm_tty_cb *) tty->driver_data;
> > +
> > IRDA_ASSERT(self != NULL, return;);
> > IRDA_ASSERT(self->magic == IRCOMM_TTY_MAGIC, return;);
> >
> > @@ -1006,17 +1008,19 @@ static void ircomm_tty_shutdown(struct i
> > */
> > static void ircomm_tty_hangup(struct tty_struct *tty)
> > {
> > - struct ircomm_tty_cb *self = (struct ircomm_tty_cb *) tty->driver_data;
> > + struct ircomm_tty_cb *self;
> > unsigned long flags;
> >
> > IRDA_DEBUG(0, "%s()\n", __FUNCTION__ );
> >
> > - IRDA_ASSERT(self != NULL, return;);
> > - IRDA_ASSERT(self->magic == IRCOMM_TTY_MAGIC, return;);
> > -
> > if (!tty)
> > return;
> >
> > + self = (struct ircomm_tty_cb *) tty->driver_data;
> > +
> > + IRDA_ASSERT(self != NULL, return;);
> > + IRDA_ASSERT(self->magic == IRCOMM_TTY_MAGIC, return;);
> > +
> > /* ircomm_tty_flush_buffer(tty); */
> > ircomm_tty_shutdown(self);
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
prev parent reply other threads:[~2006-04-05 13:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-22 22:46 [Patch] Pointer dereference in net/irda/ircomm/ircomm_tty.c Eric Sesterhenn
2006-03-22 23:22 ` Alexey Dobriyan
2006-03-23 19:01 ` Eric Sesterhenn
2006-04-05 13:17 ` Adrian Bunk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060405131706.GB8673@stusta.de \
--to=bunk@stusta.de \
--cc=adobriyan@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=snakebyte@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox