From owner-svn-src-head@FreeBSD.ORG Mon Nov 17 17:20:19 2008 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5A5411065672; Mon, 17 Nov 2008 17:20:19 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (chello087206045082.chello.pl [87.206.45.82]) by mx1.freebsd.org (Postfix) with ESMTP id A64A28FC17; Mon, 17 Nov 2008 17:20:18 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id D454F4569A; Mon, 17 Nov 2008 17:52:01 +0100 (CET) Received: from localhost (ghf58.internetdsl.tpnet.pl [83.12.187.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id D7C5745684; Mon, 17 Nov 2008 17:51:55 +0100 (CET) Date: Mon, 17 Nov 2008 17:51:52 +0100 From: Pawel Jakub Dawidek To: Philip Paeps Message-ID: <20081117165006.GA1489@garage.freebsd.pl> References: <200811170709.mAH79ecr075977@svn.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="v9Ux+11Zm5mwPlX6" Content-Disposition: inline In-Reply-To: <200811170709.mAH79ecr075977@svn.freebsd.org> User-Agent: Mutt/1.4.2.3i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 8.0-CURRENT i386 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r185021 - head/sys/dev/glxsb X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2008 17:20:19 -0000 --v9Ux+11Zm5mwPlX6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 17, 2008 at 07:09:40AM +0000, Philip Paeps wrote: > Author: philip > Date: Mon Nov 17 07:09:40 2008 > New Revision: 185021 > URL: http://svn.freebsd.org/changeset/base/185021 >=20 > Log: > Fix two possible (but unlikely) NULL-pointer dereferences in glxsb(4). > > Spotted by: Coverity > MFC after: 1 week > > Modified: > head/sys/dev/glxsb/glxsb.c >=20 > Modified: head/sys/dev/glxsb/glxsb.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/dev/glxsb/glxsb.c Mon Nov 17 07:03:05 2008 (r185020) > +++ head/sys/dev/glxsb/glxsb.c Mon Nov 17 07:09:40 2008 (r185021) > @@ -358,7 +358,8 @@ glxsb_detach(device_t dev) > return (EBUSY); > } > } > - while ((ses =3D TAILQ_FIRST(&sc->sc_sessions)) !=3D NULL) { > + while (!TAILQ_EMPTY(&sc->sc_sessions)) { > + ses =3D TAILQ_FIRST(&sc->sc_sessions); This is perfectly valid, and if it was reported by coverity, it is a false positive. > TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); > free(ses, M_GLXSB); > } > @@ -867,8 +868,11 @@ glxsb_crypto_process(device_t dev, struc > =20 > enccrd =3D maccrd =3D NULL; > =20 > - if (crp =3D=3D NULL || > - crp->crp_callback =3D=3D NULL || crp->crp_desc =3D=3D NULL) { > + /* Sanity check. */ > + if (crp =3D=3D NULL) > + return (EINVAL); > + > + if (crp->crp_callback =3D=3D NULL || crp->crp_desc =3D=3D NULL) { > error =3D EINVAL; > goto fail; > } This one is ok. The same one exists in padlock(4), could you fix it too? --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --v9Ux+11Zm5mwPlX6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFJIaEnForvXbEpPzQRAvGJAKDj1rBiE87U8NhGD5Ysx9OZw9Uj7QCg7NFn ZBs/4Fit8tewl0kGyhj4N6E= =K407 -----END PGP SIGNATURE----- --v9Ux+11Zm5mwPlX6--