LinuxLists.cc - Fix seq_clientmgr dereferences before NULL check

2006-03-16 01:47:48

Subject: Fix seq_clientmgr dereferences before NULL check

Fix cptr->pool dereferences before NULL check.

Coverity bug #860

Signed-off-by: Eugene Teo <[email protected]>

--- linux-2.6/sound/core/seq/seq_clientmgr.c~ 2006-03-15 10:05:45.000000000 +0800
+++ linux-2.6/sound/core/seq/seq_clientmgr.c 2006-03-16 09:41:05.000000000 +0800
@@ -1862,12 +1862,13 @@
cptr = snd_seq_client_use_ptr(info.client);
if (cptr == NULL)
return -ENOENT;
+ if (cptr->pool == NULL)
+ return -ENOENT;
memset(&info, 0, sizeof(info));
info.output_pool = cptr->pool->size;
info.output_room = cptr->pool->room;
info.output_free = info.output_pool;
- if (cptr->pool)
- info.output_free = snd_seq_unused_cells(cptr->pool);
+ info.output_free = snd_seq_unused_cells(cptr->pool);
if (cptr->type == USER_CLIENT) {
info.input_pool = cptr->data.user.fifo_pool_size;
info.input_free = info.input_pool;

--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

2006-03-16 10:57:04

by Takashi Iwai

[permalink] [raw]

Subject: Re: Fix seq_clientmgr dereferences before NULL check

At Thu, 16 Mar 2006 09:46:06 +0800,
Eugene Teo wrote:
>
> Fix cptr->pool dereferences before NULL check.

cptr->pool must be non-NULL there, so just the if (cptr->pool) is
superfluous.

Takashi

> Coverity bug #860
>
> Signed-off-by: Eugene Teo <[email protected]>
>
> --- linux-2.6/sound/core/seq/seq_clientmgr.c~ 2006-03-15 10:05:45.000000000 +0800
> +++ linux-2.6/sound/core/seq/seq_clientmgr.c 2006-03-16 09:41:05.000000000 +0800
> @@ -1862,12 +1862,13 @@
> cptr = snd_seq_client_use_ptr(info.client);
> if (cptr == NULL)
> return -ENOENT;
> + if (cptr->pool == NULL)
> + return -ENOENT;
> memset(&info, 0, sizeof(info));
> info.output_pool = cptr->pool->size;
> info.output_room = cptr->pool->room;
> info.output_free = info.output_pool;
> - if (cptr->pool)
> - info.output_free = snd_seq_unused_cells(cptr->pool);
> + info.output_free = snd_seq_unused_cells(cptr->pool);
> if (cptr->type == USER_CLIENT) {
> info.input_pool = cptr->data.user.fifo_pool_size;
> info.input_free = info.input_pool;
>
> --
> 1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
> main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

2006-03-16 12:17:36

by Eugene Teo

[permalink] [raw]

Subject: Re: Fix seq_clientmgr dereferences before NULL check

<quote sender="Takashi Iwai">
> At Thu, 16 Mar 2006 09:46:06 +0800,
> Eugene Teo wrote:
> >
> > Fix cptr->pool dereferences before NULL check.
>
> cptr->pool must be non-NULL there, so just the if (cptr->pool) is
> superfluous.

Resend.

Eugene

--
cptr->pool must be non-NULL there, so just the if (cptr->pool) is
superfluous. Thanks Takashi.

Signed-off-by: Eugene Teo <[email protected]>

--- linux-2.6/sound/core/seq/seq_clientmgr.c~ 2006-03-15 10:05:45.000000000 +0800
+++ linux-2.6/sound/core/seq/seq_clientmgr.c 2006-03-16 20:14:29.000000000 +0800
@@ -1866,8 +1866,7 @@ static int snd_seq_ioctl_get_client_pool
info.output_pool = cptr->pool->size;
info.output_room = cptr->pool->room;
info.output_free = info.output_pool;
- if (cptr->pool)
- info.output_free = snd_seq_unused_cells(cptr->pool);
+ info.output_free = snd_seq_unused_cells(cptr->pool);
if (cptr->type == USER_CLIENT) {
info.input_pool = cptr->data.user.fifo_pool_size;
info.input_free = info.input_pool;

--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }