substream is dereferenced before checking for NULL.
Coverity bug #861
Signed-off-by: Eugene Teo <[email protected]>
--- linux-2.6/sound/isa/gus/gus_pcm.c~ 2006-03-15 10:05:45.000000000 +0800
+++ linux-2.6/sound/isa/gus/gus_pcm.c 2006-03-16 09:51:43.000000000 +0800
@@ -103,8 +103,8 @@
static void snd_gf1_pcm_trigger_up(struct snd_pcm_substream *substream)
{
- struct snd_pcm_runtime *runtime = substream->runtime;
- struct gus_pcm_private *pcmp = runtime->private_data;
+ struct snd_pcm_runtime *runtime;
+ struct gus_pcm_private *pcmp;
struct snd_gus_card * gus = pcmp->gus;
unsigned long flags;
unsigned char voice_ctrl, ramp_ctrl;
@@ -114,8 +114,10 @@
unsigned char pan;
unsigned int voice;
- if (substream == NULL)
+ if (substream == NULL || substream->runtime == NULL)
return;
+ runtime = substream->runtime;
+ pcmp = runtime->private_data;
spin_lock_irqsave(&pcmp->lock, flags);
if (pcmp->flags & SNDRV_GF1_PCM_PFLG_ACTIVE) {
spin_unlock_irqrestore(&pcmp->lock, flags);
--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
On Thu, 16 Mar 2006 10:00:07 +0800 Eugene Teo wrote:
> substream is dereferenced before checking for NULL.
>
> Coverity bug #861
>
> Signed-off-by: Eugene Teo <[email protected]>
>
> --- linux-2.6/sound/isa/gus/gus_pcm.c~ 2006-03-15 10:05:45.000000000 +0800
> +++ linux-2.6/sound/isa/gus/gus_pcm.c 2006-03-16 09:51:43.000000000 +0800
> @@ -103,8 +103,8 @@
BTW, please use "-p" diff option so that the "@@" sections
include function or struct names etc. I.e., be nice to patch
readers/reviewers. :)
---
~Randy
At Thu, 16 Mar 2006 10:00:07 +0800,
Eugene Teo wrote:
>
> substream is dereferenced before checking for NULL.
The NULL check of substream is simply superfluous.
It is guaranteed to receive non-NULL substream and
substream->runtime.
Takashi
>
> Coverity bug #861
>
> Signed-off-by: Eugene Teo <[email protected]>
>
> --- linux-2.6/sound/isa/gus/gus_pcm.c~ 2006-03-15 10:05:45.000000000 +0800
> +++ linux-2.6/sound/isa/gus/gus_pcm.c 2006-03-16 09:51:43.000000000 +0800
> @@ -103,8 +103,8 @@
>
> static void snd_gf1_pcm_trigger_up(struct snd_pcm_substream *substream)
> {
> - struct snd_pcm_runtime *runtime = substream->runtime;
> - struct gus_pcm_private *pcmp = runtime->private_data;
> + struct snd_pcm_runtime *runtime;
> + struct gus_pcm_private *pcmp;
> struct snd_gus_card * gus = pcmp->gus;
> unsigned long flags;
> unsigned char voice_ctrl, ramp_ctrl;
> @@ -114,8 +114,10 @@
> unsigned char pan;
> unsigned int voice;
>
> - if (substream == NULL)
> + if (substream == NULL || substream->runtime == NULL)
> return;
> + runtime = substream->runtime;
> + pcmp = runtime->private_data;
> spin_lock_irqsave(&pcmp->lock, flags);
> if (pcmp->flags & SNDRV_GF1_PCM_PFLG_ACTIVE) {
> spin_unlock_irqrestore(&pcmp->lock, flags);
>
> --
> 1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
> main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
<quote sender="Takashi Iwai">
> At Thu, 16 Mar 2006 10:00:07 +0800,
> Eugene Teo wrote:
> >
> > substream is dereferenced before checking for NULL.
>
> The NULL check of substream is simply superfluous.
> It is guaranteed to receive non-NULL substream and
> substream->runtime.
> >
> > Coverity bug #861
> >
> > Signed-off-by: Eugene Teo <[email protected]>
Resend.
Eugene
--
The NULL check of substream is simply superfluous. It is
guaranteed to receive non-NULL substream. Thanks Takashi.
Coverity bug #861
Signed-off-by: Eugene Teo <[email protected]>
--- linux-2.6/sound/isa/gus/gus_pcm.c~ 2006-03-15 10:05:45.000000000 +0800
+++ linux-2.6/sound/isa/gus/gus_pcm.c 2006-03-16 19:50:45.000000000 +0800
@@ -114,8 +114,6 @@ static void snd_gf1_pcm_trigger_up(struc
unsigned char pan;
unsigned int voice;
- if (substream == NULL)
- return;
spin_lock_irqsave(&pcmp->lock, flags);
if (pcmp->flags & SNDRV_GF1_PCM_PFLG_ACTIVE) {
spin_unlock_irqrestore(&pcmp->lock, flags);
--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
>
>BTW, please use "-p" diff option so that the "@@" sections
>include function or struct names etc. I.e., be nice to patch
>readers/reviewers. :)
>
Talking of diff flags, how about adding -d? Does not cost too much.
Jan Engelhardt
--