Re: potential null pointer dereference indrivers/isdn/hisax/isdnl2.c

From: David Miller
Date: Tue Feb 15 2011 - 15:15:26 EST

Next message: Herton Ronaldo Krzesinski: "Re: BUG at fs/namei.c:405 (nameidata_drop_rcu)"
Previous message: Milton Miller: "Re: potential null pointer dereference in drivers/isdn/hisax/isdnl2.c"
In reply to: Milton Miller: "Re: potential null pointer dereference in drivers/isdn/hisax/isdnl2.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Milton Miller <miltonm@xxxxxxx>
Date: Tue, 15 Feb 2011 14:09:16 -0600

> On Mon, 14 Feb 2011 00:53:09 -0000, Dave Miler wrote:
>> diff --git a/drivers/isdn/hisax/isdnl2.c b/drivers/isdn/hisax/isdnl2.c
>> index 0858791..98ac835 100644
>> --- a/drivers/isdn/hisax/isdnl2.c
>> +++ b/drivers/isdn/hisax/isdnl2.c
>> @@ -1243,14 +1243,21 @@ l2_st7_tout_203(struct FsmInst *fi, int event, void *arg)
>> st->l2.rc = 0;
>> }
>>
>> +static int l2_hdr_space_needed(struct Layer2 *l2)
>> +{
>> + int len = test_bit(FLG_LAPD, &l2->flag) ? 2 : 1;
>> +
>> + return len + (test_bit(FLG_LAPD, &l2->flag) ? 2 : 1);
>> +}
>> +
>
> That struck me as an funny way to write 2 * len, so I finally looked
> at the code. I think one of those should be FLG_MOD128, but then
> at that point why not use the existing l2headersize(l2, ui) with
> ui = 0?
>
> I see this is in linux-next of Feb 15, 2011.

Good catch, thanks. I'll fix this.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Herton Ronaldo Krzesinski: "Re: BUG at fs/namei.c:405 (nameidata_drop_rcu)"
Previous message: Milton Miller: "Re: potential null pointer dereference in drivers/isdn/hisax/isdnl2.c"
In reply to: Milton Miller: "Re: potential null pointer dereference in drivers/isdn/hisax/isdnl2.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]