Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Nov 2008 17:51:52 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Philip Paeps <philip@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r185021 - head/sys/dev/glxsb
Message-ID:  <20081117165006.GA1489@garage.freebsd.pl>
In-Reply-To: <200811170709.mAH79ecr075977@svn.freebsd.org>
References:  <200811170709.mAH79ecr075977@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
On Mon, Nov 17, 2008 at 07:09:40AM +0000, Philip Paeps wrote:
> Author: philip
> Date: Mon Nov 17 07:09:40 2008
> New Revision: 185021
> URL: http://svn.freebsd.org/changeset/base/185021
> 
> Log:
>   Fix two possible (but unlikely) NULL-pointer dereferences in glxsb(4).
>
>   Spotted by:	Coverity
>   MFC after:	1 week
>
> Modified:
>   head/sys/dev/glxsb/glxsb.c
> 
> Modified: head/sys/dev/glxsb/glxsb.c
> ==============================================================================
> --- head/sys/dev/glxsb/glxsb.c	Mon Nov 17 07:03:05 2008	(r185020)
> +++ head/sys/dev/glxsb/glxsb.c	Mon Nov 17 07:09:40 2008	(r185021)
> @@ -358,7 +358,8 @@ glxsb_detach(device_t dev)
>  			return (EBUSY);
>  		}
>  	}
> -	while ((ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL) {
> +	while (!TAILQ_EMPTY(&sc->sc_sessions)) {
> +		ses = TAILQ_FIRST(&sc->sc_sessions);

This is perfectly valid, and if it was reported by coverity, it is a
false positive.

>  		TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
>  		free(ses, M_GLXSB);
>  	}
> @@ -867,8 +868,11 @@ glxsb_crypto_process(device_t dev, struc
>  
>  	enccrd = maccrd = NULL;
>  
> -	if (crp == NULL ||
> -	    crp->crp_callback == NULL || crp->crp_desc == NULL) {
> +	/* Sanity check. */
> +	if (crp == NULL)
> +		return (EINVAL);
> +
> +	if (crp->crp_callback == NULL || crp->crp_desc == NULL) {
>  		error = EINVAL;
>  		goto fail;
>  	}

This one is ok. The same one exists in padlock(4), could you fix it too?

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFJIaEnForvXbEpPzQRAvGJAKDj1rBiE87U8NhGD5Ysx9OZw9Uj7QCg7NFn
ZBs/4Fit8tewl0kGyhj4N6E=
=K407
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081117165006.GA1489>