Date: Fri, 30 Dec 2011 22:09:04 GMT
From: Philippe Saint-Pierre <stpere@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/163724: [PATCH] NULL check before dereference
Message-ID: <201112302209.pBUM946P026242@red.freebsd.org>
Resent-Message-ID: <201112302210.pBUMACDl003604@freefall.freebsd.org>
>Number: 163724
>Category: misc
>Synopsis: [PATCH] NULL check before dereference
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 30 22:10:12 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Philippe Saint-Pierre
>Release: patch made against 8.1 (I think)
>Organization: Haiku
>Environment:
>Description: In the Marvell wifi driver, there are dereference attempts occurring before the NULL check.
>How-To-Repeat:
>Fix: Patch included. Basically moves the NULL check to before any dereference attempts.

Patch attached with submission follows:

--- mwlhal-orig.c 2011-12-30 12:49:08.807786944 -0500 +++ sys/dev/mwl/mwlhal.c 2011-12-30 12:50:57.787782085 -0500 @@ -1440,15 +1440,20 @@ } sp = &mh->mh_streams[s]; mh->mh_bastreams &= ~(1<<s); - sp->public.data[0] = a1; - sp->public.data[1] = a2; - IEEE80211_ADDR_COPY(sp->macaddr, Macaddr); - sp->tid = Tid; - sp->paraminfo = ParamInfo; - sp->setup = 0; - sp->ba_policy = ba_policy; - MWL_HAL_UNLOCK(mh); - return sp != NULL ? &sp->public : NULL; + if (sp != NULL) { + sp->public.data[0] = a1; + sp->public.data[1] = a2; + IEEE80211_ADDR_COPY(sp->macaddr, Macaddr); + sp->tid = Tid; + sp->paraminfo = ParamInfo; + sp->setup = 0; + sp->ba_policy = ba_policy; + MWL_HAL_UNLOCK(mh); + return &sp->public; + } else { + MWL_HAL_UNLOCK(mh); + return NULL; + } } const MWL_HAL_BASTREAM *

>Release-Note:
>Audit-Trail:
>Unformatted:
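Review bot: the new "if (sp != NULL)" guards a pointer that the context line directly above sets with "sp = &mh->mh_streams[s];", so the test looks like dead code rather than a needed check. sp is the address of an element reached through mh, and mh is already dereferenced on that line and again in "mh->mh_bastreams &= ~(1<<s);", so a NULL mh would fault before the new branch is reached. The declaration of mh_streams is not visible in this hunk; if it is an array member of the structure, sp can never be NULL and the original "return sp != NULL ? &sp->public : NULL;" was a redundant test, not a late one. In that case the simpler change is to keep the assignments as they were and end with a plain "return &sp->public;", which also avoids duplicating MWL_HAL_UNLOCK(mh) in two branches. If the intent is to handle "no stream available", the check belongs on the index s before sp is computed, in the code above the visible context. Separately, the file headers name "mwlhal-orig.c" and "sys/dev/mwl/mwlhal.c" at different path depths, so the patch will not apply cleanly with a single -p level; regenerating it from the source tree root would help.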