2009-12-21 15:46:01

by Alexander Strakh

Subject: BUG null dereference in driver ./drivers/usb/serial/mos7840.c

KERNEL_VERSION: 2.6.32
SUBJECT: null dereference in function mos7840_bulk_in_callback
SUBSCRIBE:
In driver drivers/usb/serial/mos7840.c in function
mos7840_bulk_in_callback:

1. If in line 697 mos7840_port = NULL then we goto line 699
2. In line 699 we have null dereference.

696 mos7840_port = urb->context;
697 if (!mos7840_port) {
698 dbg("%s", "NULL mos7840_port pointer");
699 mos7840_port->read_urb_busy = false;
700 return;
701 }

Found by Linux Device Drivers Verification Project (Svace Detector)


2009-12-21 16:21:55

by Greg KH

Subject: Re: BUG null dereference in driver ./drivers/usb/serial/mos7840.c

On Mon, Dec 21, 2009 at 07:51:09PM +0000, Alexander Strakh wrote:
> KERNEL_VERSION: 2.6.32
> SUBJECT: null dereference in function mos7840_bulk_in_callback
> SUBSCRIBE:
> In driver drivers/usb/serial/mos7840.c in function
> mos7840_bulk_in_callback:
>
> 1. If in line 697 mos7840_port = NULL then we goto line 699

How can that happen?

> 2. In line 699 we have null dereference.
>
> 696 mos7840_port = urb->context;
> 697 if (!mos7840_port) {
> 698 dbg("%s", "NULL mos7840_port pointer");
> 699 mos7840_port->read_urb_busy = false;
> 700 return;
> 701 }
>
> Found by Linux Device Drivers Verification Project (Svace Detector)

What is this?

Are you also going to send patches for stuff like this?

thanks,

greg k-h
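
Added example, not part of the thread and not the kernel's code: a userspace model of the entry check reported above, in the shape where the NULL branch only logs and returns. The `_model` types, the result enum and the `status` handling are assumptions made for illustration; only `context`, `read_urb_busy` and the debug string come from the quoted lines.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel structures: only the fields used here. */
struct moschip_port_model { bool read_urb_busy; };
struct urb_model { void *context; int status; };

enum cb_result { CB_NO_PORT, CB_URB_ERROR, CB_DATA_OK };

/*
 * read_urb_busy is stored inside the port object, so when urb->context is
 * NULL there is no flag to clear. The NULL branch must not touch the pointer.
 */
static enum cb_result bulk_in_callback_model(struct urb_model *urb)
{
	struct moschip_port_model *port = urb->context;

	if (!port) {
		fprintf(stderr, "NULL mos7840_port pointer\n");
		return CB_NO_PORT;		/* return without any dereference */
	}

	/* From here on the pointer is known to be valid (assumed handling). */
	port->read_urb_busy = false;
	if (urb->status)
		return CB_URB_ERROR;
	return CB_DATA_OK;
}

int main(void)
{
	/* Constructed inputs: one URB without a context, one with a busy port. */
	struct moschip_port_model port = { .read_urb_busy = true };
	struct urb_model no_ctx = { .context = NULL, .status = 0 };
	struct urb_model with_ctx = { .context = &port, .status = 0 };

	printf("no context  -> %d\n", bulk_in_callback_model(&no_ctx));
	printf("with context -> %d, busy=%d\n",
	       bulk_in_callback_model(&with_ctx), port.read_urb_busy);
	return 0;
}
```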