Re: [PATCH] USB Pegasus driver - avoid a potential NULL pointer dereference. | netdev

Re: [PATCH] USB Pegasus driver - avoid a potential NULL pointer dereference.

From: Jesper Juhl <hidden>
Date: 2007-07-28 23:55:14
Also in: lkml

On 29/07/07, Satyam Sharma [off-list ref] wrote:

Hi,

On 7/29/07, Jesper Juhl [off-list ref] wrote:

quoted

Hello,

This patch makes sure we don't dereference a NULL pointer in
drivers/net/usb/pegasus.c::write_bulk_callback() in the initial
struct net_device *net = pegasus->net; assignment.
The existing code checks if 'pegasus' is NULL and bails out if
it is, so we better not touch that pointer until after that check.
[...]

diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c
index a05fd97..04cba6b 100644
--- a/drivers/net/usb/pegasus.c
+++ b/drivers/net/usb/pegasus.c

@@ -768,11 +768,13 @@ done:
 static void write_bulk_callback(struct urb *urb)
 {
        pegasus_t *pegasus = urb->context;
-       struct net_device *net = pegasus->net;
+       struct net_device *net;

        if (!pegasus)
                return;

+       net = pegasus->net;
+
        if (!netif_device_present(net) || !netif_running(net))
                return;

Is it really possible that we're called into this function with
urb->context == NULL? If not, I'd suggest let's just get rid of
the check itself, instead.

I'm not sure. I am not very familiar with this code. I just figured
that moving the assignment is potentially a little safer and it is
certainly no worse than the current code, so that's a safe and
potentially benneficial change. Removing the check may be safe but I'm
not certain enough to make that call...

-- 
Jesper Juhl [off-list ref]
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help