* [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Micah Gruber @ 2007-09-04 8:25 UTC (permalink / raw)
To: linux-kernel, linux-usb-devel, gregkh
This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
---
--- a/drivers/usb/storage/shuttle_usbat.c
+++ b/drivers/usb/storage/shuttle_usbat.c
@@ -187,12 +187,14 @@
*/
static int usbat_check_status(struct us_data *us)
{
- unsigned char *reply = us->iobuf;
+ unsigned char *reply;
int rc;
if (!us)
return USB_STOR_TRANSPORT_ERROR;
+ reply = us->iobuf;
+
rc = usbat_get_status(us, reply);
if (rc != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_FAILED;
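Review bot: the `if (!us)` test kept in the middle of this hunk is the only reason the `reply = us->iobuf;` assignment has to move, yet the changelog names no caller that can pass a NULL `us`. If there is none, the test is dead code and deleting it is the smaller and clearer change; if there is one, name it in the changelog so the reordering is justified.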
* Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Jens Axboe @ 2007-09-04 11:06 UTC (permalink / raw)
To: Micah Gruber; +Cc: linux-kernel, linux-usb-devel, gregkh
On Tue, Sep 04 2007, Micah Gruber wrote:
> This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
>
> Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
Be careful with stuff like that, if you actually look at the code, a us
== NULL doesn't seem to be possible (or usbat_flash_transport() would
have oopsed before).
--
Jens Axboe
* Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Simon Holm Thøgersen @ 2007-09-04 19:57 UTC (permalink / raw)
To: Jens Axboe; +Cc: Micah Gruber, linux-kernel, linux-usb-devel, gregkh
Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> On Tue, Sep 04 2007, Micah Gruber wrote:
> > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> >
> > Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
>
> Be careful with stuff like that, if you actually look at the code, a us
> == NULL doesn't seem to be possible (or usbat_flash_transport() would
> have oopsed before).
>
If that is true, then
if (!us)
return USB_STOR_TRANSPORT_ERROR;
is utterly pointless.
Simon Holm Thøgersen
* Re: [linux-usb-devel] [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Alan Stern @ 2007-09-04 20:58 UTC (permalink / raw)
To: Simon Holm Thøgersen
Cc: Jens Axboe, gregkh, linux-kernel, Micah Gruber, linux-usb-devel
On Tue, 4 Sep 2007, Simon Holm Thøgersen wrote:
> > Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > >
> > > Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
> >
> > Be careful with stuff like that, if you actually look at the code, a us
> > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > have oopsed before).
> >
> If that is true, then
> if (!us)
> return USB_STOR_TRANSPORT_ERROR;
> is utterly pointless.
Indeed, so it is.
Alan Stern
* Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c
From: Jens Axboe @ 2007-09-04 21:06 UTC (permalink / raw)
To: Simon Holm Thøgersen
Cc: Micah Gruber, linux-kernel, linux-usb-devel, gregkh
On Tue, Sep 04 2007, Simon Holm Thøgersen wrote:
> Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > >
> > > Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
> >
> > Be careful with stuff like that, if you actually look at the code, a us
> > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > have oopsed before).
> >
> If that is true, then
> if (!us)
> return USB_STOR_TRANSPORT_ERROR;
> is utterly pointless.
Well that was the point I was trying to make, that test and return
should be deleted instead.
--
Jens Axboe
* [PATCH] Remove pointless NULL pointer check in drivers/usb/storage/shuttle_usbat.c.
From: Simon Holm Thøgersen @ 2007-09-06 22:33 UTC (permalink / raw)
To: Jens Axboe; +Cc: Micah Gruber, linux-kernel, linux-usb-devel, gregkh
Tue, 04 09 2007 at 23:06 +0200, Jens Axboe wrote:
> On Tue, Sep 04 2007, Simon Holm Thøgersen wrote:
> > Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > > >
> > > > Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
> > >
> > > Be careful with stuff like that, if you actually look at the code, a us
> > > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > > have oopsed before).
> > >
> > If that is true, then
> > if (!us)
> > return USB_STOR_TRANSPORT_ERROR;
> > is utterly pointless.
>
> Well that was the point I was trying to make, that test and return
> should be deleted instead.
>
I guess we agree that we want the following then.
If us would ever be NULL, the function would have oopsed already before
the check.
Signed-off-by: Simon Holm Thøgersen <odie@cs.aau.dk>
---
--- a/drivers/usb/storage/shuttle_usbat.c
+++ b/drivers/usb/storage/shuttle_usbat.c
@@ -190,9 +190,6 @@ static int usbat_check_status(struct us_data *us)
unsigned char *reply = us->iobuf;
int rc;
- if (!us)
- return USB_STOR_TRANSPORT_ERROR;
-
rc = usbat_get_status(us, reply);
if (rc != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_FAILED;
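Review bot: the changelog justifies removing the `if (!us)` branch by noting that the initializer `unsigned char *reply = us->iobuf;` in the first context line would already have oopsed, but that only shows the check was ineffective, not that a NULL `us` cannot occur. The earlier reply in this thread points to usbat_flash_transport() using `us` first; citing that in the changelog would make clear this is dead-code removal and not a dropped safety check.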
* Re: [PATCH] Remove pointless NULL pointer check in drivers/usb/storage/shuttle_usbat.c.
From: Jens Axboe @ 2007-09-10 16:33 UTC (permalink / raw)
To: Simon Holm Thøgersen
Cc: Micah Gruber, linux-kernel, linux-usb-devel, gregkh
On Fri, Sep 07 2007, Simon Holm Thøgersen wrote:
> Tue, 04 09 2007 at 23:06 +0200, Jens Axboe wrote:
> > On Tue, Sep 04 2007, Simon Holm Thøgersen wrote:
> > > Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > > > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > > > >
> > > > > Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
> > > >
> > > > Be careful with stuff like that, if you actually look at the code, a us
> > > > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > > > have oopsed before).
> > > >
> > > If that is true, then
> > > if (!us)
> > > return USB_STOR_TRANSPORT_ERROR;
> > > is utterly pointless.
> >
> > Well that was the point I was trying to make, that test and return
> > should be deleted instead.
> >
> I guess we agree that we want the following then.
>
>
> If us would ever be NULL, the function would have oopsed already before
> the check.
Yep, looks much better.
Acked-by: Jens Axboe <jens.axboe@oracle.com>
>
> Signed-off-by: Simon Holm Thøgersen <odie@cs.aau.dk>
> ---
>
> --- a/drivers/usb/storage/shuttle_usbat.c
> +++ b/drivers/usb/storage/shuttle_usbat.c
> @@ -190,9 +190,6 @@ static int usbat_check_status(struct us_data *us)
> unsigned char *reply = us->iobuf;
> int rc;
>
> - if (!us)
> - return USB_STOR_TRANSPORT_ERROR;
> -
> rc = usbat_get_status(us, reply);
> if (rc != USB_STOR_XFER_GOOD)
> return USB_STOR_TRANSPORT_FAILED;
>
>
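Review bot: once the removed `if (!us)` lines are gone, nothing in usbat_check_status() records that `us` must be non-NULL on entry. A short precondition sentence in the comment above the function would document the contract and keep a later cleanup from re-adding the test after the `us->iobuf` initializer.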
--
Jens Axboe