2006-03-16 01:38:53

by Eugene Teo

Subject: Fix ali5451 dereferenced before NULL check

pvoice is missing a NULL check. channel needs a bound check too.

Coverity bug #862

Signed-off-by: Eugene Teo <[email protected]>

--- linux-2.6/sound/pci/ali5451/ali5451.c~ 2006-03-15 10:05:45.000000000 +0800
+++ linux-2.6/sound/pci/ali5451/ali5451.c 2006-03-16 09:27:53.000000000 +0800
@@ -990,7 +990,13 @@
if (!(old & mask))
return;

+ if (channel < 0 || channel >= ALI_CHANNELS)
+ return;
+
pvoice = &codec->synth.voices[channel];
+ if (pvoice == NULL)
+ return;
+
runtime = pvoice->substream->runtime;

udelay(100);
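
Review bot: The added `if (pvoice == NULL)` test can never fire, because `pvoice = &codec->synth.voices[channel]` takes the address of an array element inside `*codec` and is therefore non-NULL for any valid `codec`. The pointers this code actually relies on are `codec` on that line and `pvoice->substream` in `runtime = pvoice->substream->runtime;`. If the Coverity report needs a check at all, drop this test and put the check on one of those, before it is dereferenced.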

--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }


2006-03-16 11:08:26

by Takashi Iwai

Subject: Re: Fix ali5451 dereferenced before NULL check

At Thu, 16 Mar 2006 09:36:02 +0800,
Eugene Teo wrote:
>
> pvoice is missing a NULL check. channel needs a bound check too.

Both checks are not necessary. There is a single caller to this
function, and the channel argument is a loop value of

	for (channel = 0; channel < ALI_CHANNELS; channel++)
		snd_ali_update_ptr(codec, channel);

pvoice is the address pointing to a part of a structure, so it cannot be
NULL anyway. If a check were needed, it should be if (codec != NULL).


Takashi

>
> Coverity bug #862
>
> Signed-off-by: Eugene Teo <[email protected]>
>
> --- linux-2.6/sound/pci/ali5451/ali5451.c~ 2006-03-15 10:05:45.000000000 +0800
> +++ linux-2.6/sound/pci/ali5451/ali5451.c 2006-03-16 09:27:53.000000000 +0800
> @@ -990,7 +990,13 @@
> if (!(old & mask))
> return;
>
> + if (channel < 0 || channel >= ALI_CHANNELS)
> + return;
> +
> pvoice = &codec->synth.voices[channel];
> + if (pvoice == NULL)
> + return;
> +
> runtime = pvoice->substream->runtime;
>
> udelay(100);
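
Review bot: The new `channel < 0 || channel >= ALI_CHANNELS` guard returns silently, so an out-of-range index from a caller would be hidden rather than reported. The changelog says only that channel "needs a bound check" and does not name a call path that can pass a bad value. Please either state the caller invariant in a comment and drop the guard, or keep it and make a violation visible with a warning.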

2006-03-16 11:49:13

by Eugene Teo

Subject: Re: Fix ali5451 dereferenced before NULL check

Hi Takashi-san,

<quote sender="Takashi Iwai">
> At Thu, 16 Mar 2006 09:36:02 +0800,
> Eugene Teo wrote:
> >
> > pvoice is missing a NULL check. channel needs a bound check too.
>
> Both checks are not necessary. There is a single caller to this
> function, and the channel argument is a loop value of

All right.

> 	for (channel = 0; channel < ALI_CHANNELS; channel++)
> 		snd_ali_update_ptr(codec, channel);
>
> pvoice is the address pointing to a part of a structure, so it cannot be
> NULL anyway. If a check were needed, it should be if (codec != NULL).

A check for codec is unnecessary. snd_ali_card_interrupt() is the only
caller for snd_ali_interrupt() and it checks codec for NULL before it
calls the function to perform the above for loop.

Thanks.

Eugene