Checks if 'port' is NULL before using it in all tty operations, this
can avoid NULL pointer dereferences.
Signed-off-by: Luiz Capitulino <[email protected]>
drivers/usb/serial/usb-serial.c | 32 ++++++++++++++++++++++++++++++++
1 files changed, 32 insertions(+)
diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c
--- a/drivers/usb/serial/usb-serial.c
+++ b/drivers/usb/serial/usb-serial.c
@@ -188,6 +188,8 @@ static int serial_open (struct tty_struc
portNumber = tty->index - serial->minor;
port = serial->port[portNumber];
+ if (!port)
+ return -ENODEV;
++port->open_count;
@@ -258,6 +260,9 @@ static int serial_write (struct tty_stru
struct usb_serial_port *port = tty->driver_data;
int retval = -EINVAL;
+ if (!port)
+ goto exit;
+
dbg("%s - port %d, %d byte(s)", __FUNCTION__, port->number, count);
if (!port->open_count) {
@@ -277,6 +282,9 @@ static int serial_write_room (struct tty
struct usb_serial_port *port = tty->driver_data;
int retval = -EINVAL;
+ if (!port)
+ goto exit;
+
dbg("%s - port %d", __FUNCTION__, port->number);
if (!port->open_count) {
@@ -296,6 +304,9 @@ static int serial_chars_in_buffer (struc
struct usb_serial_port *port = tty->driver_data;
int retval = -EINVAL;
+ if (!port)
+ goto exit;
+
dbg("%s = port %d", __FUNCTION__, port->number);
if (!port->open_count) {
@@ -314,6 +325,9 @@ static void serial_throttle (struct tty_
{
struct usb_serial_port *port = tty->driver_data;
+ if (!port)
+ return;
+
dbg("%s - port %d", __FUNCTION__, port->number);
if (!port->open_count) {
@@ -330,6 +344,9 @@ static void serial_unthrottle (struct tt
{
struct usb_serial_port *port = tty->driver_data;
+ if (!port)
+ return;
+
dbg("%s - port %d", __FUNCTION__, port->number);
if (!port->open_count) {
@@ -347,6 +364,9 @@ static int serial_ioctl (struct tty_stru
struct usb_serial_port *port = tty->driver_data;
int retval = -ENODEV;
+ if (!port)
+ goto exit;
+
dbg("%s - port %d, cmd 0x%.4x", __FUNCTION__, port->number, cmd);
if (!port->open_count) {
@@ -368,6 +388,9 @@ static void serial_set_termios (struct t
{
struct usb_serial_port *port = tty->driver_data;
+ if (!port)
+ return;
+
dbg("%s - port %d", __FUNCTION__, port->number);
if (!port->open_count) {
@@ -384,6 +407,9 @@ static void serial_break (struct tty_str
{
struct usb_serial_port *port = tty->driver_data;
+ if (!port)
+ return;
+
dbg("%s - port %d", __FUNCTION__, port->number);
if (!port->open_count) {
@@ -445,6 +471,9 @@ static int serial_tiocmget (struct tty_s
{
struct usb_serial_port *port = tty->driver_data;
+ if (!port)
+ goto exit;
+
dbg("%s - port %d", __FUNCTION__, port->number);
if (!port->open_count) {
@@ -464,6 +493,9 @@ static int serial_tiocmset (struct tty_s
{
struct usb_serial_port *port = tty->driver_data;
+ if (!port)
+ goto exit;
+
dbg("%s - port %d", __FUNCTION__, port->number);
if (!port->open_count) {
--
Luiz Fernando N. Capitulino