* [PATCH] staging: line6: toneport.c: Fix for possible null pointer dereference
@ 2014-05-19 21:39 Rickard Strandqvist
2014-05-20 7:34 ` Stefan Hajnoczi
2014-05-20 22:04 ` Dan Carpenter
0 siblings, 2 replies; 5+ messages in thread
From: Rickard Strandqvist @ 2014-05-19 21:39 UTC (permalink / raw)
To: Greg Kroah-Hartman, Rashika Kheria
Cc: Rickard Strandqvist, Stefan Hajnoczi, Dan Carpenter, devel,
linux-kernel
There is otherwise a risk of a possible null pointer dereference.
Was largely found by using a static code analysis program called cppcheck.
Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
---
drivers/staging/line6/toneport.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c
index af2e7e5..36fe76d 100644
--- a/drivers/staging/line6/toneport.c
+++ b/drivers/staging/line6/toneport.c
@@ -431,11 +431,15 @@ void line6_toneport_disconnect(struct usb_interface *interface)
{
struct usb_line6_toneport *toneport;
u16 idProduct;
+ struct snd_line6_pcm *line6pcm;
if (interface == NULL)
return;
toneport = usb_get_intfdata(interface);
+ if (toneport == NULL)
+ return;
+
del_timer_sync(&toneport->timer);
idProduct = le16_to_cpu(toneport->line6.usbdev->descriptor.idProduct);
@@ -444,13 +448,11 @@ void line6_toneport_disconnect(struct usb_interface *interface)
device_remove_file(&interface->dev, &dev_attr_led_green);
}
- if (toneport != NULL) {
- struct snd_line6_pcm *line6pcm = toneport->line6.line6pcm;
+ line6pcm = toneport->line6.line6pcm;
- if (line6pcm != NULL) {
- line6_pcm_release(line6pcm, LINE6_BITS_PCM_MONITOR);
- line6_pcm_disconnect(line6pcm);
- }
+ if (line6pcm != NULL) {
+ line6_pcm_release(line6pcm, LINE6_BITS_PCM_MONITOR);
+ line6_pcm_disconnect(line6pcm);
}
toneport_destruct(interface);
--
1.7.10.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] staging: line6: toneport.c: Fix for possible null pointer dereference
2014-05-19 21:39 [PATCH] staging: line6: toneport.c: Fix for possible null pointer dereference Rickard Strandqvist
@ 2014-05-20 7:34 ` Stefan Hajnoczi
2014-05-20 22:04 ` Dan Carpenter
1 sibling, 0 replies; 5+ messages in thread
From: Stefan Hajnoczi @ 2014-05-20 7:34 UTC (permalink / raw)
To: Rickard Strandqvist
Cc: Greg Kroah-Hartman, Rashika Kheria, Dan Carpenter, devel,
linux-kernel
On Mon, May 19, 2014 at 11:39 PM, Rickard Strandqvist
<rickard_strandqvist@spectrumdigital.se> wrote:
> There is otherwise a risk of a possible null pointer dereference.
>
> Was largely found by using a static code analysis program called cppcheck.
>
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
> ---
> drivers/staging/line6/toneport.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c
> index af2e7e5..36fe76d 100644
> --- a/drivers/staging/line6/toneport.c
> +++ b/drivers/staging/line6/toneport.c
> @@ -431,11 +431,15 @@ void line6_toneport_disconnect(struct usb_interface *interface)
> {
> struct usb_line6_toneport *toneport;
> u16 idProduct;
> + struct snd_line6_pcm *line6pcm;
>
> if (interface == NULL)
> return;
>
> toneport = usb_get_intfdata(interface);
> + if (toneport == NULL)
> + return;
> +
> del_timer_sync(&toneport->timer);
> idProduct = le16_to_cpu(toneport->line6.usbdev->descriptor.idProduct);
>
> @@ -444,13 +448,11 @@ void line6_toneport_disconnect(struct usb_interface *interface)
> device_remove_file(&interface->dev, &dev_attr_led_green);
> }
>
> - if (toneport != NULL) {
> - struct snd_line6_pcm *line6pcm = toneport->line6.line6pcm;
Didn't look into this but it's the traditional "use before NULL
check". Can't hurt to fix it.
Reviewed-by: Stefan Hajnoczi <stefanha@gmail.com>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] staging: line6: toneport.c: Fix for possible null pointer dereference
2014-05-19 21:39 [PATCH] staging: line6: toneport.c: Fix for possible null pointer dereference Rickard Strandqvist
2014-05-20 7:34 ` Stefan Hajnoczi
@ 2014-05-20 22:04 ` Dan Carpenter
1 sibling, 0 replies; 5+ messages in thread
From: Dan Carpenter @ 2014-05-20 22:04 UTC (permalink / raw)
To: Rickard Strandqvist
Cc: Greg Kroah-Hartman, Rashika Kheria, devel, Stefan Hajnoczi,
linux-kernel
On Mon, May 19, 2014 at 11:39:00PM +0200, Rickard Strandqvist wrote:
> There is otherwise a risk of a possible null pointer dereference.
>
> Was largely found by using a static code analysis program called cppcheck.
>
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
This one is called from line6_disconnect() and the caller checks that
usb_get_intfdata(interface); returns non-NULL. So it's messy code but
not a real bug.
For the lustre ones, I don't know if they are real bugs or not.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] staging: line6: toneport.c: Fix for possible null pointer dereference
@ 2014-12-21 22:43 Rickard Strandqvist
2014-12-22 7:34 ` Stefan Hajnoczi
0 siblings, 1 reply; 5+ messages in thread
From: Rickard Strandqvist @ 2014-12-21 22:43 UTC (permalink / raw)
To: Greg Kroah-Hartman, Jerry Snitselaar
Cc: Rickard Strandqvist, Fabian Mewes, Stefan Hajnoczi, devel,
linux-kernel
The NULL check was done to late, and there it was a risk
of a possible null pointer dereference.
This was partially found by using a static code analysis program called cppcheck.
Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
---
drivers/staging/line6/toneport.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c
index 6943715..660dc3f 100644
--- a/drivers/staging/line6/toneport.c
+++ b/drivers/staging/line6/toneport.c
@@ -433,12 +433,16 @@ void line6_toneport_reset_resume(struct usb_line6_toneport *toneport)
void line6_toneport_disconnect(struct usb_interface *interface)
{
struct usb_line6_toneport *toneport;
+ struct snd_line6_pcm *line6pcm;
u16 idProduct;
if (interface == NULL)
return;
toneport = usb_get_intfdata(interface);
+ if (NULL == toneport)
+ return;
+
del_timer_sync(&toneport->timer);
idProduct = le16_to_cpu(toneport->line6.usbdev->descriptor.idProduct);
@@ -447,13 +451,10 @@ void line6_toneport_disconnect(struct usb_interface *interface)
device_remove_file(&interface->dev, &dev_attr_led_green);
}
- if (toneport != NULL) {
- struct snd_line6_pcm *line6pcm = toneport->line6.line6pcm;
-
- if (line6pcm != NULL) {
- line6_pcm_release(line6pcm, LINE6_BITS_PCM_MONITOR);
- line6_pcm_disconnect(line6pcm);
- }
+ line6pcm = toneport->line6.line6pcm;
+ if (line6pcm != NULL) {
+ line6_pcm_release(line6pcm, LINE6_BITS_PCM_MONITOR);
+ line6_pcm_disconnect(line6pcm);
}
toneport_destruct(interface);
--
1.7.10.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] staging: line6: toneport.c: Fix for possible null pointer dereference
2014-12-21 22:43 Rickard Strandqvist
@ 2014-12-22 7:34 ` Stefan Hajnoczi
0 siblings, 0 replies; 5+ messages in thread
From: Stefan Hajnoczi @ 2014-12-22 7:34 UTC (permalink / raw)
To: Rickard Strandqvist
Cc: Greg Kroah-Hartman, Jerry Snitselaar, Fabian Mewes, devel,
linux-kernel
On Sun, Dec 21, 2014 at 10:43 PM, Rickard Strandqvist
<rickard_strandqvist@spectrumdigital.se> wrote:
> The NULL check was done to late, and there it was a risk
> of a possible null pointer dereference.
>
> This was partially found by using a static code analysis program called cppcheck.
>
> Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
> ---
> drivers/staging/line6/toneport.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefanha@gmail.com>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-12-22 7:34 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-19 21:39 [PATCH] staging: line6: toneport.c: Fix for possible null pointer dereference Rickard Strandqvist
2014-05-20 7:34 ` Stefan Hajnoczi
2014-05-20 22:04 ` Dan Carpenter
-- strict thread matches above, loose matches on Subject: below --
2014-12-21 22:43 Rickard Strandqvist
2014-12-22 7:34 ` Stefan Hajnoczi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox