DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth;
        b=GgdAAs6iVScB0+4zTLyuHxE9QTa2op36gTQxpEEqKO4SAZBqMr3+jT0Gdf3OqSGsqM0hLAX1KvYiR63nAOrs3KuvrMG4wHO3ob9Ye8nCYcGdxJKZuBR2CKmTsNwNbJr6qVXDER8hkEjvL4e1NwCO7I21vSMEIXR0e2KX0Id7I/s=
Message-ID: <5166c2f30701141558td770dfbt13fd5098f76bcde6@mail.gmail.com>
Date: Sun, 14 Jan 2007 15:58:11 -0800
From: "Suhabe Bugrara" <suhabe@stanford.edu>
To: linux-kernel@vger.kernel.org
Subject: user pointer bugs
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1134
Lines: 33

Hello,

In linux-2.6.19.2, do the following lines have bugs in them? It looks
like they dereference a user pointer without first being checked by
the "access_ok" macro to ensure that they point into userspace.

Suhabe

========================
File: sound/isa/sscape.c
Lines: 550, 665
Description: The pointer "bb" is dereferenced in the expression
"bb->code" without being checked first.
Fix: Replace "bb->code" with "&bb->code"

========================
File: block/scsi_ioctl.c
Lines: 406, 427, 430, 482, 486
Description: The pointer "sic" is dereferenced in the expression
"sic->data" without being checked first.
Fix: Replace "sic->code" with "&sic->code"

========================
File: sound/pci/rme9652/hdsp.c
Line: 4589
Description: The pointer "mixer" is dereferenced in the expression
"mixer->data" without being checked first.
Fix: Replace "mixer->matrix" with "&mixer->matrix"
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/