Re: [CORRECTION][PATCH] Fix a potential NULL pointer dereference inuli526x_interrupt() in drivers/net/tulip/uli526x.c
From: Andrew Morton
Date: Thu Sep 13 2007 - 05:04:21 EST
On Tue, 04 Sep 2007 16:14:06 +0800 Micah Gruber <micah.gruber@xxxxxxxxx> wrote:
> This patch fixes a potential null dereference bug where we dereference dev before a null check. This patch simply moves the dereferencing after the null check.
>
> Signed-off-by: Micah Gruber <micah.gruber@xxxxxxxxx>
> ---
>
> --- a/drivers/net/tulip/uli526x.c
> +++ b/drivers/net/tulip/uli526x.c
> @@ -663,7 +663,7 @@
> {
> struct net_device *dev = dev_id;
> struct uli526x_board_info *db = netdev_priv(dev);
> - unsigned long ioaddr = dev->base_addr;
> + unsigned long ioaddr;
> unsigned long flags;
>
> if (!dev) {
> @@ -671,6 +671,8 @@
> return IRQ_NONE;
> }
>
> + ioaddr = dev->base_addr;
> +
> spin_lock_irqsave(&db->lock, flags);
> outl(0, ioaddr + DCR7);
>
I suspect the fix we want is:
--- a/drivers/net/tulip/uli526x.c~fix-a-potential-null-pointer-dereference-in-uli526x_interrupt
+++ a/drivers/net/tulip/uli526x.c
@@ -666,11 +666,6 @@ static irqreturn_t uli526x_interrupt(int
unsigned long ioaddr = dev->base_addr;
unsigned long flags;
- if (!dev) {
- ULI526X_DBUG(1, "uli526x_interrupt() without DEVICE arg", 0);
- return IRQ_NONE;
- }
-
spin_lock_irqsave(&db->lock, flags);
outl(0, ioaddr + DCR7);
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/