Date: Fri, 30 Dec 2011 22:09:04 GMT
From: Philippe Saint-Pierre <stpere@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/163724: [PATCH] NULL check before dereference
Message-ID: <201112302209.pBUM946P026242@red.freebsd.org>
Resent-Message-ID: <201112302210.pBUMACDl003604@freefall.freebsd.org>
>Number: 163724
>Category: misc
>Synopsis: [PATCH] NULL check before dereference
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 30 22:10:12 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Philippe Saint-Pierre
>Release: patch made against 8.1 (I think)
>Organization:
Haiku
>Environment:
>Description:
In the Marvell wifi driver, there are dereference attempts occurring before the NULL check.
>How-To-Repeat:
>Fix:
Patch included. Basically moves the NULL check to before any dereference attempts.
Patch attached with submission follows:
--- mwlhal-orig.c 2011-12-30 12:49:08.807786944 -0500
+++ sys/dev/mwl/mwlhal.c 2011-12-30 12:50:57.787782085 -0500
@@ -1440,15 +1440,20 @@
}
sp = &mh->mh_streams[s];
mh->mh_bastreams &= ~(1<<s);
- sp->public.data[0] = a1;
- sp->public.data[1] = a2;
- IEEE80211_ADDR_COPY(sp->macaddr, Macaddr);
- sp->tid = Tid;
- sp->paraminfo = ParamInfo;
- sp->setup = 0;
- sp->ba_policy = ba_policy;
- MWL_HAL_UNLOCK(mh);
- return sp != NULL ? &sp->public : NULL;
+ if (sp != NULL) {
+ sp->public.data[0] = a1;
+ sp->public.data[1] = a2;
+ IEEE80211_ADDR_COPY(sp->macaddr, Macaddr);
+ sp->tid = Tid;
+ sp->paraminfo = ParamInfo;
+ sp->setup = 0;
+ sp->ba_policy = ba_policy;
+ MWL_HAL_UNLOCK(mh);
+ return &sp->public;
+ } else {
+ MWL_HAL_UNLOCK(mh);
+ return NULL;
+ }
}
const MWL_HAL_BASTREAM *
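Review bot: The added `if (sp != NULL)` test cannot fail, because the context line `sp = &mh->mh_streams[s];` just above it takes the address of an array element inside `mh`, and `mh` has already been dereferenced by `mh->mh_bastreams &= ~(1<<s);` on the next line. The `else` branch is therefore dead code, and the patch now repeats `MWL_HAL_UNLOCK(mh)` on both paths. A smaller change that removes the misleading check would keep the assignments as they were and reduce the final statement to `return &sp->public;`. If a real failure case is meant to be covered (for example an invalid stream index `s`), that test needs to happen before `sp` is computed, and whether the code above this hunk already does so is not visible here.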
>Release-Note:
>Audit-Trail:
>Unformatted:
