[PATCH] Fix for possible null pointer dereference in keyspan.c

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Fix for possible null pointer dereference in keyspan.c
@ 2014-05-15 21:55 Rickard Strandqvist
  2014-05-16 15:30 ` Johan Hovold
  0 siblings, 1 reply; 3+ messages in thread
From: Rickard Strandqvist @ 2014-05-15 21:55 UTC (permalink / raw)
  To: Johan Hovold, Greg Kroah-Hartman
  Cc: Rickard Strandqvist, linux-usb, linux-kernel

There is otherwise a risk of a possible null pointer dereference.

Was largely found by using a static code analysis program called cppcheck.

Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
---
 drivers/usb/serial/keyspan.c |    4 ++--
 1 fil ändrad, 2 tillägg(+), 2 borttagningar(-)

diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c
index d3acaea..93cb7ce 100644
--- a/drivers/usb/serial/keyspan.c
+++ b/drivers/usb/serial/keyspan.c
@@ -1535,14 +1535,14 @@ static int keyspan_usa26_send_setup(struct usb_serial *serial,
 
 	this_urb = p_priv->outcont_urb;
 
-	dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
-
 		/* Make sure we have an urb then send the message */
 	if (this_urb == NULL) {
 		dev_dbg(&port->dev, "%s - oops no urb.\n", __func__);
 		return -1;
 	}
 
+	dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
+
 	/* Save reset port val for resend.
 	   Don't overwrite resend for open/close condition. */
 	if ((reset_port + 1) > p_priv->resend_cont)
-- 
1.7.10.4


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] Fix for possible null pointer dereference in keyspan.c
  2014-05-15 21:55 [PATCH] Fix for possible null pointer dereference in keyspan.c Rickard Strandqvist
@ 2014-05-16 15:30 ` Johan Hovold
  2014-05-16 15:39   ` [PATCH] USB: keyspan: fix potential null pointer dereference Johan Hovold
  0 siblings, 1 reply; 3+ messages in thread
From: Johan Hovold @ 2014-05-16 15:30 UTC (permalink / raw)
  To: Rickard Strandqvist
  Cc: Johan Hovold, Greg Kroah-Hartman, linux-usb, linux-kernel

On Thu, May 15, 2014 at 11:55:10PM +0200, Rickard Strandqvist wrote:
> There is otherwise a risk of a possible null pointer dereference.

I don't think this can be triggered unless the URB allocation fails at
probe, but let's move the offending line nonetheless.

I'll fix up the patch subject as well.

> Was largely found by using a static code analysis program called cppcheck.
> 
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
> ---
>  drivers/usb/serial/keyspan.c |    4 ++--
>  1 fil ändrad, 2 tillägg(+), 2 borttagningar(-)

Diff stats in Swedish?! :)

Thanks,
Johan

> diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c
> index d3acaea..93cb7ce 100644
> --- a/drivers/usb/serial/keyspan.c
> +++ b/drivers/usb/serial/keyspan.c
> @@ -1535,14 +1535,14 @@ static int keyspan_usa26_send_setup(struct usb_serial *serial,
>  
>  	this_urb = p_priv->outcont_urb;
>  
> -	dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
> -
>  		/* Make sure we have an urb then send the message */
>  	if (this_urb == NULL) {
>  		dev_dbg(&port->dev, "%s - oops no urb.\n", __func__);
>  		return -1;
>  	}
>  
> +	dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
> +
>  	/* Save reset port val for resend.
>  	   Don't overwrite resend for open/close condition. */
>  	if ((reset_port + 1) > p_priv->resend_cont)

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH] USB: keyspan: fix potential null pointer dereference
  2014-05-16 15:30 ` Johan Hovold
@ 2014-05-16 15:39   ` Johan Hovold
  0 siblings, 0 replies; 3+ messages in thread
From: Johan Hovold @ 2014-05-16 15:39 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Rickard Strandqvist, linux-usb, linux-kernel, stable,
	Johan Hovold

From: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>

Move control-urb dereference to after NULL-check. There is otherwise a
risk of a possible null pointer dereference.

Was largely found by using a static code analysis program called
cppcheck.

[Johan: modify commit message somewhat ]

Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
Cc: stable <stable@vger.kernel.org>	# v2.6.12
Signed-off-by: Johan Hovold <jhovold@gmail.com>
---
 drivers/usb/serial/keyspan.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c
index d3acaead5a81..93cb7cebda62 100644
--- a/drivers/usb/serial/keyspan.c
+++ b/drivers/usb/serial/keyspan.c
@@ -1535,14 +1535,14 @@ static int keyspan_usa26_send_setup(struct usb_serial *serial,
 
 	this_urb = p_priv->outcont_urb;
 
-	dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
-
 		/* Make sure we have an urb then send the message */
 	if (this_urb == NULL) {
 		dev_dbg(&port->dev, "%s - oops no urb.\n", __func__);
 		return -1;
 	}
 
+	dev_dbg(&port->dev, "%s - endpoint %d\n", __func__, usb_pipeendpoint(this_urb->pipe));
+
 	/* Save reset port val for resend.
 	   Don't overwrite resend for open/close condition. */
 	if ((reset_port + 1) > p_priv->resend_cont)
-- 
1.8.5.5


^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-05-16 15:40 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-15 21:55 [PATCH] Fix for possible null pointer dereference in keyspan.c Rickard Strandqvist
2014-05-16 15:30 ` Johan Hovold
2014-05-16 15:39   ` [PATCH] USB: keyspan: fix potential null pointer dereference Johan Hovold

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox