2010-01-07 01:48:51

by Alexander Beregalov

[permalink] [raw]
Subject: [PATCH 1/4] mtd: mxc_nand: avoid NULL pointer dereference

Assign nand_chip and host only if host is not NULL.

Cc: David Woodhouse <[email protected]>
Signed-off-by: Alexander Beregalov <[email protected]>
---
drivers/mtd/nand/mxc_nand.c | 12 ++++++++----
1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/mtd/nand/mxc_nand.c b/drivers/mtd/nand/mxc_nand.c
index 45dec57..4ace54c 100644
--- a/drivers/mtd/nand/mxc_nand.c
+++ b/drivers/mtd/nand/mxc_nand.c
@@ -881,12 +881,14 @@ static int __devexit mxcnd_remove(struct platform_device *pdev)
static int mxcnd_suspend(struct platform_device *pdev, pm_message_t state)
{
struct mtd_info *mtd = platform_get_drvdata(pdev);
- struct nand_chip *nand_chip = mtd->priv;
- struct mxc_nand_host *host = nand_chip->priv;
+ struct nand_chip *nand_chip;
+ struct mxc_nand_host *host;
int ret = 0;

DEBUG(MTD_DEBUG_LEVEL0, "MXC_ND : NAND suspend\n");
if (mtd) {
+ nand_chip = mtd->priv;
+ host = nand_chip->priv;
ret = mtd->suspend(mtd);
/* Disable the NFC clock */
clk_disable(host->clk);
@@ -898,13 +900,15 @@ static int mxcnd_suspend(struct platform_device *pdev, pm_message_t state)
static int mxcnd_resume(struct platform_device *pdev)
{
struct mtd_info *mtd = platform_get_drvdata(pdev);
- struct nand_chip *nand_chip = mtd->priv;
- struct mxc_nand_host *host = nand_chip->priv;
+ struct nand_chip *nand_chip;
+ struct mxc_nand_host *host;
int ret = 0;

DEBUG(MTD_DEBUG_LEVEL0, "MXC_ND : NAND resume\n");

if (mtd) {
+ nand_chip = mtd->priv;
+ host = nand_chip->priv;
/* Enable the NFC clock */
clk_enable(host->clk);
mtd->resume(mtd);
--
1.6.6


2010-01-07 01:49:10

by Alexander Beregalov

[permalink] [raw]
Subject: [PATCH 2/4] SCSI: pm8001: avoid NULL pointer dereference

Assign device_id only if pm8001_dev is not NULL.

Cc: James Bottomley <[email protected]>
Signed-off-by: Alexander Beregalov <[email protected]>
---
drivers/scsi/pm8001/pm8001_sas.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c
index 7f9c83a..4e748d1 100644
--- a/drivers/scsi/pm8001/pm8001_sas.c
+++ b/drivers/scsi/pm8001/pm8001_sas.c
@@ -884,11 +884,12 @@ static void pm8001_dev_gone_notify(struct domain_device *dev)
u32 tag;
struct pm8001_hba_info *pm8001_ha;
struct pm8001_device *pm8001_dev = dev->lldd_dev;
- u32 device_id = pm8001_dev->device_id;
+ u32 device_id;
pm8001_ha = pm8001_find_ha_by_dev(dev);
spin_lock_irqsave(&pm8001_ha->lock, flags);
pm8001_tag_alloc(pm8001_ha, &tag);
if (pm8001_dev) {
+ device_id = pm8001_dev->device_id;
PM8001_DISC_DBG(pm8001_ha,
pm8001_printk("found dev[%d:%x] is gone.\n",
pm8001_dev->device_id, pm8001_dev->dev_type));
--
1.6.6

2010-01-07 01:49:22

by Alexander Beregalov

[permalink] [raw]
Subject: [PATCH 3/4] ISDN: hysdn: avoid NULL pointer dereference

Assign dev only if lp is not NULL.

Cc: Armin Schindler <[email protected]>
Signed-off-by: Alexander Beregalov <[email protected]>
---
drivers/isdn/hysdn/hysdn_net.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/isdn/hysdn/hysdn_net.c b/drivers/isdn/hysdn/hysdn_net.c
index 72eb926..feec8d8 100644
--- a/drivers/isdn/hysdn/hysdn_net.c
+++ b/drivers/isdn/hysdn/hysdn_net.c
@@ -187,12 +187,13 @@ void
hysdn_rx_netpkt(hysdn_card * card, unsigned char *buf, unsigned short len)
{
struct net_local *lp = card->netif;
- struct net_device *dev = lp->dev;
+ struct net_device *dev;
struct sk_buff *skb;

if (!lp)
return; /* non existing device */

+ dev = lp->dev;
dev->stats.rx_bytes += len;

skb = dev_alloc_skb(len);
--
1.6.6

2010-01-07 01:49:35

by Alexander Beregalov

[permalink] [raw]
Subject: [PATCH 4/4] uml: line.c: avoid NULL pointer dereference

Assign tty only if line is not NULL.

Cc: Jeff Dike <[email protected]>
Signed-off-by: Alexander Beregalov <[email protected]>
---
arch/um/drivers/line.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/arch/um/drivers/line.c b/arch/um/drivers/line.c
index cf8a97f..8ebdc8c 100644
--- a/arch/um/drivers/line.c
+++ b/arch/um/drivers/line.c
@@ -18,9 +18,10 @@ static irqreturn_t line_interrupt(int irq, void *data)
{
struct chan *chan = data;
struct line *line = chan->line;
- struct tty_struct *tty = line->tty;
+ struct tty_struct *tty;

if (line)
+ tty = line->tty;
chan_interrupt(&line->chan_list, &line->task, tty, irq);
return IRQ_HANDLED;
}
--
1.6.6

2010-01-07 05:08:59

by Jeff Dike

[permalink] [raw]
Subject: Re: [PATCH 4/4] uml: line.c: avoid NULL pointer dereference

On Thu, Jan 07, 2010 at 04:48:41AM +0300, Alexander Beregalov wrote:
> Assign tty only if line is not NULL.

> if (line)
> + tty = line->tty;
> chan_interrupt(&line->chan_list, &line->task, tty, irq);
> return IRQ_HANDLED;

Even if the thinking is correct, aren't you missing some braces?

Jeff

2010-01-07 15:56:54

by Alexander Beregalov

[permalink] [raw]
Subject: Re: [PATCH 4/4] uml: line.c: avoid NULL pointer dereference

2010/1/7 Jeff Dike <[email protected]>:
> On Thu, Jan 07, 2010 at 04:48:41AM +0300, Alexander Beregalov wrote:
>> Assign tty only if line is not NULL.
>
>>       if (line)
>> +             tty = line->tty;
>>               chan_interrupt(&line->chan_list, &line->task, tty, irq);
>>       return IRQ_HANDLED;
>
> Even if the thinking is correct, aren't you missing some braces?

Oops, sorry, I will send another version.