2007-09-04 08:24:14

by Micah Gruber

Subject: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c

This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.

Signed-off-by: Micah Gruber <[email protected]>
---

--- a/drivers/usb/storage/shuttle_usbat.c
+++ b/drivers/usb/storage/shuttle_usbat.c
@@ -187,12 +187,14 @@
*/
static int usbat_check_status(struct us_data *us)
{
- unsigned char *reply = us->iobuf;
+ unsigned char *reply;
int rc;

if (!us)
return USB_STOR_TRANSPORT_ERROR;

+ reply = us->iobuf;
+
rc = usbat_get_status(us, reply);
if (rc != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_FAILED;
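Review bot: moving `reply = us->iobuf;` below the `if (!us)` test only changes anything if `us` can actually be NULL on entry, and nothing in this hunk shows a caller that passes NULL; a relocated check that can never fire is still dead code, just dead code that now happens to precede the dereference. Either the commit message should name the path that can reach usbat_check_status() with a NULL `us`, or the three lines `if (!us)` / `return USB_STOR_TRANSPORT_ERROR;` (and the blank after them) should be deleted outright instead of reordered, which is what the follow-up patch in this thread does.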


2007-09-04 11:11:24

by Jens Axboe

Subject: Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c

On Tue, Sep 04 2007, Micah Gruber wrote:
> This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
>
> Signed-off-by: Micah Gruber <[email protected]>

Be careful with stuff like that, if you actually look at the code, a us
== NULL doesn't seem to be possible (or usbat_flash_transport() would
have oopsed before).

--
Jens Axboe

2007-09-04 20:27:19

by Simon Holm Thøgersen

Subject: Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c

Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> On Tue, Sep 04 2007, Micah Gruber wrote:
> > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> >
> > Signed-off-by: Micah Gruber <[email protected]>
>
> Be careful with stuff like that, if you actually look at the code, a us
> == NULL doesn't seem to be possible (or usbat_flash_transport() would
> have oopsed before).
>
If that is true, then
if (!us)
return USB_STOR_TRANSPORT_ERROR;
is utterly pointless.


Simon Holm Thøgersen

2007-09-04 20:58:43

by Alan Stern

Subject: Re: [linux-usb-devel] [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c

On Tue, 4 Sep 2007, Simon Holm Thøgersen wrote:

> Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > >
> > > Signed-off-by: Micah Gruber <[email protected]>
> >
> > Be careful with stuff like that, if you actually look at the code, a us
> > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > have oopsed before).
> >
> If that is true, then
> if (!us)
> return USB_STOR_TRANSPORT_ERROR;
> is utterly pointless.

Indeed, so it is.

Alan Stern

2007-09-04 21:11:17

by Jens Axboe

Subject: Re: [PATCH] Fix a potential NULL pointer dereference in usbat_check_status() in drivers/usb/storage/shuttle_usbat.c

On Tue, Sep 04 2007, Simon Holm Thøgersen wrote:
> Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > >
> > > Signed-off-by: Micah Gruber <[email protected]>
> >
> > Be careful with stuff like that, if you actually look at the code, a us
> > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > have oopsed before).
> >
> If that is true, then
> if (!us)
> return USB_STOR_TRANSPORT_ERROR;
> is utterly pointless.

Well that was the point I was trying to make, that test and return
should be deleted instead.

--
Jens Axboe

2007-09-06 22:40:41

by Simon Holm Thøgersen

Subject: [PATCH] Remove pointless NULL pointer check in drivers/usb/storage/shuttle_usbat.c.

Tue, 04 09 2007 at 23:06 +0200, Jens Axboe wrote:
> On Tue, Sep 04 2007, Simon Holm Thøgersen wrote:
> > Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > > >
> > > > Signed-off-by: Micah Gruber <[email protected]>
> > >
> > > Be careful with stuff like that, if you actually look at the code, a us
> > > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > > have oopsed before).
> > >
> > If that is true, then
> > if (!us)
> > return USB_STOR_TRANSPORT_ERROR;
> > is utterly pointless.
>
> Well that was the point I was trying to make, that test and return
> should be deleted instead.
>
I guess we agree that we want the following then.


If us would ever be NULL, the function would have oopsed already before
the check.

Signed-off-by: Simon Holm Thøgersen <[email protected]>
---

--- a/drivers/usb/storage/shuttle_usbat.c
+++ b/drivers/usb/storage/shuttle_usbat.c
@@ -190,9 +190,6 @@ static int usbat_check_status(struct us_data *us)
unsigned char *reply = us->iobuf;
int rc;

- if (!us)
- return USB_STOR_TRANSPORT_ERROR;
-
rc = usbat_get_status(us, reply);
if (rc != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_FAILED;
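Review bot: the commit message should state the concrete reason the check is dead, which the hunk itself shows: the initializer `unsigned char *reply = us->iobuf;` two lines above the removed `if (!us)` already dereferences `us`, so the test could never have been reached with a NULL pointer, and removing it is a cleanup with no behavioural change. Saying that explicitly, and crediting Micah Gruber's report that surfaced the ordering, makes the motivation clear to whoever reads the log later. One style nit: the subject line ends with a period, which kernel subject lines do not carry.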


2007-09-10 16:33:25

by Jens Axboe

Subject: Re: [PATCH] Remove pointless NULL pointer check in drivers/usb/storage/shuttle_usbat.c.

On Fri, Sep 07 2007, Simon Holm Thøgersen wrote:
> Tue, 04 09 2007 at 23:06 +0200, Jens Axboe wrote:
> > On Tue, Sep 04 2007, Simon Holm Thøgersen wrote:
> > > Tue, 04 09 2007 at 13:06 +0200, Jens Axboe wrote:
> > > > On Tue, Sep 04 2007, Micah Gruber wrote:
> > > > > This patch fixes a potential null dereference bug where we dereference us before a null check. This patch simply moves the dereferencing after the null check.
> > > > >
> > > > > Signed-off-by: Micah Gruber <[email protected]>
> > > >
> > > > Be careful with stuff like that, if you actually look at the code, a us
> > > > == NULL doesn't seem to be possible (or usbat_flash_transport() would
> > > > have oopsed before).
> > > >
> > > If that is true, then
> > > if (!us)
> > > return USB_STOR_TRANSPORT_ERROR;
> > > is utterly pointless.
> >
> > Well that was the point I was trying to make, that test and return
> > should be deleted instead.
> >
> I guess we agree that we want the following then.
>
>
> If us would ever be NULL, the function would have oopsed already before
> the check.

Yep, looks much better.

Acked-by: Jens Axboe <[email protected]>

>
> Signed-off-by: Simon Holm Thøgersen <[email protected]>
> ---
>
> --- a/drivers/usb/storage/shuttle_usbat.c
> +++ b/drivers/usb/storage/shuttle_usbat.c
> @@ -190,9 +190,6 @@ static int usbat_check_status(struct us_data *us)
> unsigned char *reply = us->iobuf;
> int rc;
>
> - if (!us)
> - return USB_STOR_TRANSPORT_ERROR;
> -
> rc = usbat_get_status(us, reply);
> if (rc != USB_STOR_XFER_GOOD)
> return USB_STOR_TRANSPORT_FAILED;
>
>
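Review bot: with `if (!us)` / `return USB_STOR_TRANSPORT_ERROR;` gone, the only error exit left in this hunk is `return USB_STOR_TRANSPORT_FAILED;` on `rc != USB_STOR_XFER_GOOD`; since the deleted path sat after the `us->iobuf` initializer that dereferences `us`, it was unreachable, so no caller ever received USB_STOR_TRANSPORT_ERROR from this function and callers that distinguish ERROR from FAILED need no adjustment. The Acked-by given above should be carried into the commit beneath the Signed-off-by when this is applied.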

--
Jens Axboe
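The thread's conclusion is that a NULL test placed after a dereference of the same pointer can never fire. As an added example, not code from this thread or from the kernel, the following Python scanner flags that ordering textually, the way a lightweight static check would: it records the first `p->member` use of each identifier in a function and reports any later `if (!p)` / `if (p == NULL)` on the same identifier. The C snippets embedded in it are constructed, modelled on the usbat_check_status() body shown in the patches; the second function `probe()` and its `id` field are invented for illustration.

```python
import re

# Constructed sample modelled on usbat_check_status() as it stood before the
# second patch in the thread: `us` is dereferenced in the initializer of
# `reply` before the `if (!us)` test, so the test is unreachable with NULL.
DEREF_BEFORE_CHECK = """\
static int usbat_check_status(struct us_data *us)
{
        unsigned char *reply = us->iobuf;
        int rc;

        if (!us)
                return USB_STOR_TRANSPORT_ERROR;

        rc = usbat_get_status(us, reply);
        if (rc != USB_STOR_XFER_GOOD)
                return USB_STOR_TRANSPORT_FAILED;
        return USB_STOR_TRANSPORT_GOOD;
}
"""

# The same body in the order the first patch proposed: test, then use.
CHECK_BEFORE_DEREF = """\
static int usbat_check_status(struct us_data *us)
{
        unsigned char *reply;
        int rc;

        if (!us)
                return USB_STOR_TRANSPORT_ERROR;

        reply = us->iobuf;

        rc = usbat_get_status(us, reply);
        if (rc != USB_STOR_XFER_GOOD)
                return USB_STOR_TRANSPORT_FAILED;
        return USB_STOR_TRANSPORT_GOOD;
}
"""

# A second, invented function using the `p == NULL` spelling of the test,
# appended to the first to show that the scan restarts at each function.
TWO_FUNCTIONS = DEREF_BEFORE_CHECK + """
static int probe(struct device *dev)
{
        int id = dev->id;

        if (dev == NULL)
                return -EINVAL;
        return id;
}
"""

DEREF_RE = re.compile(r'\b([A-Za-z_]\w*)\s*->')
NULL_CHECK_RE = re.compile(
    r'\bif\s*\(\s*(?:!\s*([A-Za-z_]\w*)'
    r'|([A-Za-z_]\w*)\s*==\s*NULL'
    r'|NULL\s*==\s*([A-Za-z_]\w*))\s*\)')


def find_dead_null_checks(source):
    """Return [(identifier, deref_line, check_line), ...] for every NULL test
    that follows an earlier `identifier->member` dereference in the same
    function. Line numbers are 1-based. The scan is purely textual: it does
    not model control flow, so it is a triage aid, not a proof."""
    first_deref = {}
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.startswith('}'):        # kernel style: a top-level closing
            first_deref = {}            # brace ends the function
            continue
        code = line.split('//', 1)[0]   # ignore trailing line comments
        # Tests on this line are judged before its own dereferences are
        # recorded, so `if (!p || p->x)` is not flagged.
        for m in NULL_CHECK_RE.finditer(code):
            ident = next(g for g in m.groups() if g)
            if ident in first_deref:
                findings.append((ident, first_deref[ident], lineno))
        for m in DEREF_RE.finditer(code):
            first_deref.setdefault(m.group(1), lineno)
    return findings


def report(source):
    """One human-readable line per finding."""
    return ["%s: dereferenced on line %d, NULL-checked on line %d (check is dead)"
            % f for f in find_dead_null_checks(source)]


if __name__ == "__main__":
    for name, src in (("deref-before-check", DEREF_BEFORE_CHECK),
                      ("check-before-deref", CHECK_BEFORE_DEREF),
                      ("two functions", TWO_FUNCTIONS)):
        print(name, "->", report(src) or ["clean"])
```

Run against the first sample it reports `us` dereferenced on line 3 and tested on line 6, which is exactly the ordering both patches in the thread react to; the reordered body produces no finding, and so would the body with the test deleted. A finding means the guard is either dead (delete it) or the dereference is the bug (prove a NULL caller exists), which is the choice the thread works through.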