Date: Mon, 31 Aug 2009 11:10:01 GMT
From: Patroklos Argyroudis <argp@census-labs.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/138388: NULL pointer dereference in pcfclock_open() in file sys/dev/ppbus/pcfclock.c
Message-ID: <200908311110.n7VBA1Op012199@www.freebsd.org>
Resent-Message-ID: <200908311120.n7VBK3g5084811@freefall.freebsd.org>
>Number: 138388
>Category: kern
>Synopsis: NULL pointer dereference in pcfclock_open() in file sys/dev/ppbus/pcfclock.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 31 11:20:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Patroklos Argyroudis
>Release: 8.0-CURRENT
>Organization:
census, inc
>Environment:
N/A
>Description:
There is a NULL pointer dereference in pcfclock_open() in file sys/dev/ppbus/pcfclock.c at line 153. The NULL check at line 157 should be before the dereference of sc at line 153.
>How-To-Repeat:
N/A
>Fix:
Patch attached.
Patch attached with submission follows:
--- ./sys/dev/ppbus/pcfclock.c.orig 2009-08-28 16:24:15.000000000 +0300
+++ ./sys/dev/ppbus/pcfclock.c 2009-08-28 16:25:34.000000000 +0300
@@ -150,13 +150,16 @@
pcfclock_open(struct cdev *dev, int flag, int fms, struct thread *td)
{
struct pcfclock_data *sc = dev->si_drv1;
- device_t pcfclockdev = sc->dev;
- device_t ppbus = device_get_parent(pcfclockdev);
+ device_t pcfclockdev;
+ device_t ppbus;
int res;
if (!sc)
return (ENXIO);
+ pcfclockdev = sc->dev;
+ ppbus = device_get_parent(pcfclockdev);
+
ppb_lock(ppbus);
res = ppb_request_bus(ppbus, pcfclockdev,
(flag & O_NONBLOCK) ? PPB_DONTWAIT : PPB_WAIT);
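Review bot: the retained check "if (!sc)" directly above the relocated assignments tests a pointer with "!", and since this patch already reworks the block it would be a good moment to write it as "if (sc == NULL)", which is the form style(9) asks for on pointer tests. The reordering itself looks correct: sc is still initialised from dev->si_drv1 in the declaration, and the two reads that depend on it ("pcfclockdev = sc->dev;" and the device_get_parent() call) now happen only after the ENXIO return, before ppb_lock(ppbus) first uses ppbus. A short comment above the check saying that si_drv1 may be NULL here would help keep a later cleanup from folding the assignments back into the declarations.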
>Release-Note:
>Audit-Trail:
>Unformatted:
