Return-Path: <linux-kernel-owner+willy=40w.ods.org-S1752368AbWCPLAo@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752368AbWCPLAo (ORCPT <rfc822;willy@w.ods.org>);
	Thu, 16 Mar 2006 06:00:44 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752369AbWCPLAo
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Thu, 16 Mar 2006 06:00:44 -0500
Received: from ns2.suse.de ([195.135.220.15]:27114 "EHLO mx2.suse.de")
	by vger.kernel.org with ESMTP id S1752367AbWCPLAo (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 16 Mar 2006 06:00:44 -0500
Date: Thu, 16 Mar 2006 12:00:42 +0100
Message-ID: <s5hek12r6w5.wl%tiwai@suse.de>
From: Takashi Iwai <tiwai@suse.de>
To: Eugene Teo <eugene.teo@eugeneteo.net>
Cc: linux-kernel@vger.kernel.org, Jaroslav Kysela <perex@suse.cz>
Subject: Re: Fix gus_pcm dereference before NULL
In-Reply-To: <20060316020007.GA20734@eugeneteo.net>
References: <20060316020007.GA20734@eugeneteo.net>
User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.7 (=?ISO-8859-4?Q?Sanj=F2?=) APEL/10.6 MULE XEmacs/21.5 (beta24)
 (dandelion) (i386-suse-linux)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1927
Lines: 58

At Thu, 16 Mar 2006 10:00:07 +0800,
Eugene Teo wrote:
> 
> substream is dereferenced before checking for NULL.

The NULL check of substream is simply superfluous.
It is guaranteed to receive non-NULL substream and
substream->runtime.


Takashi

> 
> Coverity bug #861
> 
> Signed-off-by: Eugene Teo <eugene.teo@eugeneteo.net>
> 
> --- linux-2.6/sound/isa/gus/gus_pcm.c~	2006-03-15 10:05:45.000000000 +0800
> +++ linux-2.6/sound/isa/gus/gus_pcm.c	2006-03-16 09:51:43.000000000 +0800
> @@ -103,8 +103,8 @@
>  
>  static void snd_gf1_pcm_trigger_up(struct snd_pcm_substream *substream)
>  {
> -	struct snd_pcm_runtime *runtime = substream->runtime;
> -	struct gus_pcm_private *pcmp = runtime->private_data;
> +	struct snd_pcm_runtime *runtime;
> +	struct gus_pcm_private *pcmp;
>  	struct snd_gus_card * gus = pcmp->gus;
>  	unsigned long flags;
>  	unsigned char voice_ctrl, ramp_ctrl;
> @@ -114,8 +114,10 @@
>  	unsigned char pan;
>  	unsigned int voice;
>  
> -	if (substream == NULL)
> +	if (substream == NULL || substream->runtime == NULL)
>  		return;
> +	runtime = substream->runtime;
> +	pcmp = runtime->private_data;
>  	spin_lock_irqsave(&pcmp->lock, flags);
>  	if (pcmp->flags & SNDRV_GF1_PCM_PFLG_ACTIVE) {
>  		spin_unlock_irqrestore(&pcmp->lock, flags);
> 
> -- 
> 1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265  9BB8 5883 6DAA A6D1 2F80
> main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/