2004-04-16 21:19:47

by Dave Jones

Subject: orinoco potentially dereferencing before check


--- linux-2.6.5/drivers/net/wireless/orinoco_pci.c~ 2004-04-16 22:16:57.000000000 +0100
+++ linux-2.6.5/drivers/net/wireless/orinoco_pci.c 2004-04-16 22:17:30.000000000 +0100
@@ -275,14 +275,16 @@
static void __devexit orinoco_pci_remove_one(struct pci_dev *pdev)
{
struct net_device *dev = pci_get_drvdata(pdev);
- struct orinoco_private *priv = dev->priv;
+ struct orinoco_private *priv;

if (! dev)
BUG();

+ priv = dev->priv;
+
unregister_netdev(dev);

- if (dev->irq)
+ if (dev->irq)
free_irq(dev->irq, dev);

if (priv->hw.iobase)
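Review bot: with `priv = dev->priv;` moved below `if (! dev) BUG();` the check now runs before any dereference, but a NULL `dev` still ends in a crash through BUG(), so the remove path gains no recovery. If NULL is a state orinoco_pci_remove_one() can really see, returning early before `unregister_netdev(dev)` would handle it; if it is not, the check can be dropped and the initializer can stay on the declaration. The posting carries no description, so a line saying which case applies would help.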


2004-04-17 11:28:04

by David Gibson

Subject: Re: orinoco potentially dereferencing before check

On Fri, Apr 16, 2004 at 10:18:26PM +0100, Dave Jones wrote:
>
> +++ linux-2.6.5/drivers/net/wireless/orinoco_pci.c 2004-04-16 22:17:30.000000000 +0100
> @@ -275,14 +275,16 @@
> static void __devexit orinoco_pci_remove_one(struct pci_dev *pdev)
> {
> struct net_device *dev = pci_get_drvdata(pdev);
> - struct orinoco_private *priv = dev->priv;
> + struct orinoco_private *priv;
>
> if (! dev)
> BUG();
>
> + priv = dev->priv;
> +
> unregister_netdev(dev);
>
> - if (dev->irq)
> + if (dev->irq)
> free_irq(dev->irq, dev);
>
> if (priv->hw.iobase)
> -
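Review bot: the `-`/`+` pair on `if (dev->irq)` reads the same on both sides, which suggests a whitespace-only change bundled with the reordering of `priv = dev->priv;`. Split it into its own cleanup or mention it in the description so the functional change stays easy to audit.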

Better to just remove the if (! dev) BUG(). I don't believe we've
ever hit that particular BUG() in debugging, so there's probably not
much point having it.

It's already gone in the driver's development tree. Which hasn't been
merged to Linus for months and months and should have been, yes, I
know. Unfortunately I have barely any time or energy for maintaining
the orinoco driver these days.

--
David Gibson | For every complex problem there is a
david AT gibson.dropbear.id.au | solution which is simple, neat and
| wrong.
http://www.ozlabs.org/people/dgibson

2004-04-19 16:22:48

by Jeff Garzik

Subject: Re: orinoco potentially dereferencing before check

David Gibson wrote:
> On Fri, Apr 16, 2004 at 10:18:26PM +0100, Dave Jones wrote:
>
>>+++ linux-2.6.5/drivers/net/wireless/orinoco_pci.c 2004-04-16 22:17:30.000000000 +0100
>>@@ -275,14 +275,16 @@
>> static void __devexit orinoco_pci_remove_one(struct pci_dev *pdev)
>> {
>> struct net_device *dev = pci_get_drvdata(pdev);
>>- struct orinoco_private *priv = dev->priv;
>>+ struct orinoco_private *priv;
>>
>> if (! dev)
>> BUG();
>>
>>+ priv = dev->priv;
>>+
>> unregister_netdev(dev);
>>
>>- if (dev->irq)
>>+ if (dev->irq)
>> free_irq(dev->irq, dev);
>>
>> if (priv->hw.iobase)
>>-
>
>
> Better to just remove the if (! dev) BUG(). I don't believe we've
> ever hit that particular BUG() in debugging, so there's probably not
> much point having it.


done.

Jeff