* [PATCH] Fix for possible null pointer dereference in keyspan.c
@ 2014-05-15 21:55 Rickard Strandqvist
2014-05-16 15:30 ` Johan Hovold
0 siblings, 1 reply; 3+ messages in thread
From: Rickard Strandqvist @ 2014-05-15 21:55 UTC (permalink / raw)
To: Johan Hovold, Greg Kroah-Hartman
Cc: Rickard Strandqvist, linux-usb, linux-kernel
There is otherwise a risk of a possible null pointer dereference.
Was largely found by using a static code analysis program called cppcheck.
Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
---
drivers/usb/serial/keyspan.c | 4 ++--
1 fil ändrad, 2 tillägg(+), 2 borttagningar(-)
diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c
index d3acaea..93cb7ce 100644
--- a/drivers/usb/serial/keyspan.c
+++ b/drivers/usb/serial/keyspan.c
@@ -1535,14 +1535,14 @@ static int keyspan_usa26_send_setup(struct usb_serial *serial,
this_urb = p_priv->outcont_urb;
- dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
-
/* Make sure we have an urb then send the message */
if (this_urb == NULL) {
dev_dbg(&port->dev, "%s - oops no urb.\n", __func__);
return -1;
}
+ dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
+
/* Save reset port val for resend.
Don't overwrite resend for open/close condition. */
if ((reset_port + 1) > p_priv->resend_cont)
--
1.7.10.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Fix for possible null pointer dereference in keyspan.c
2014-05-15 21:55 [PATCH] Fix for possible null pointer dereference in keyspan.c Rickard Strandqvist
@ 2014-05-16 15:30 ` Johan Hovold
2014-05-16 15:39 ` [PATCH] USB: keyspan: fix potential null pointer dereference Johan Hovold
0 siblings, 1 reply; 3+ messages in thread
From: Johan Hovold @ 2014-05-16 15:30 UTC (permalink / raw)
To: Rickard Strandqvist
Cc: Johan Hovold, Greg Kroah-Hartman, linux-usb, linux-kernel
On Thu, May 15, 2014 at 11:55:10PM +0200, Rickard Strandqvist wrote:
> There is otherwise a risk of a possible null pointer dereference.
I don't think this can be triggered unless the URB allocation fails at
probe, but let's move the offending line nonetheless.
I'll fix up the patch subject as well.
> Was largely found by using a static code analysis program called cppcheck.
>
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
> ---
> drivers/usb/serial/keyspan.c | 4 ++--
> 1 fil ändrad, 2 tillägg(+), 2 borttagningar(-)
Diff stats in Swedish?! :)
Thanks,
Johan
> diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c
> index d3acaea..93cb7ce 100644
> --- a/drivers/usb/serial/keyspan.c
> +++ b/drivers/usb/serial/keyspan.c
> @@ -1535,14 +1535,14 @@ static int keyspan_usa26_send_setup(struct usb_serial *serial,
>
> this_urb = p_priv->outcont_urb;
>
> - dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
> -
> /* Make sure we have an urb then send the message */
> if (this_urb == NULL) {
> dev_dbg(&port->dev, "%s - oops no urb.\n", __func__);
> return -1;
> }
>
> + dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
> +
> /* Save reset port val for resend.
> Don't overwrite resend for open/close condition. */
> if ((reset_port + 1) > p_priv->resend_cont)
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] USB: keyspan: fix potential null pointer dereference
2014-05-16 15:30 ` Johan Hovold
@ 2014-05-16 15:39 ` Johan Hovold
0 siblings, 0 replies; 3+ messages in thread
From: Johan Hovold @ 2014-05-16 15:39 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Rickard Strandqvist, linux-usb, linux-kernel, stable,
Johan Hovold
From: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
Move control-urb dereference to after NULL-check. There is otherwise a
risk of a possible null pointer dereference.
Was largely found by using a static code analysis program called
cppcheck.
[Johan: modify commit message somewhat ]
Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
Cc: stable <stable@vger.kernel.org> # v2.6.12
Signed-off-by: Johan Hovold <jhovold@gmail.com>
---
drivers/usb/serial/keyspan.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c
index d3acaead5a81..93cb7cebda62 100644
--- a/drivers/usb/serial/keyspan.c
+++ b/drivers/usb/serial/keyspan.c
@@ -1535,14 +1535,14 @@ static int keyspan_usa26_send_setup(struct usb_serial *serial,
this_urb = p_priv->outcont_urb;
- dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
-
/* Make sure we have an urb then send the message */
if (this_urb == NULL) {
dev_dbg(&port->dev, "%s - oops no urb.\n", __func__);
return -1;
}
+ dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
+
/* Save reset port val for resend.
Don't overwrite resend for open/close condition. */
if ((reset_port + 1) > p_priv->resend_cont)
--
1.8.5.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-05-16 15:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-15 21:55 [PATCH] Fix for possible null pointer dereference in keyspan.c Rickard Strandqvist
2014-05-16 15:30 ` Johan Hovold
2014-05-16 15:39 ` [PATCH] USB: keyspan: fix potential null pointer dereference Johan Hovold
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox