Date: Mon, 31 Aug 2009 11:01:46 GMT From: Patroklos Argyroudis <argp@census-labs.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/138387: NULL pointer dereference in lptopen() in file sys/dev/ppbus/lpt.c Message-ID: <200908311101.n7VB1k2Y001096@www.freebsd.org> Resent-Message-ID: <200908311110.n7VBA3mQ072887@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 138387
>Category: kern
>Synopsis: NULL pointer dereference in lptopen() in file sys/dev/ppbus/lpt.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 31 11:10:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Patroklos Argyroudis
>Release: 8.0-CURRENT
>Organization:
census, inc
>Environment:
N/A
>Description:
There is a NULL pointer dereference in lptopen() in file sys/dev/ppbus/lpt.c at line 489. The NULL check at line 492 should be before the dereference of sc at line 489.
>How-To-Repeat:
N/A
>Fix:
Patch attached.
Patch attached with submission follows:
--- ./sys/dev/ppbus/lpt.c.orig 2009-08-28 16:14:00.000000000 +0300
+++ ./sys/dev/ppbus/lpt.c 2009-08-28 16:21:41.000000000 +0300
@@ -486,12 +486,15 @@
{
int trys, err;
struct lpt_data *sc = dev->si_drv1;
- device_t lptdev = sc->sc_dev;
- device_t ppbus = device_get_parent(lptdev);
+ device_t lptdev;
+ device_t ppbus;
if (!sc)
return (ENXIO);
+ lptdev = sc->sc_dev;
+ ppbus = device_get_parent(lptdev);
+
ppb_lock(ppbus);
if (sc->sc_state) {
lprintf(("%s: still open %x\n", device_get_nameunit(lptdev),
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908311101.n7VB1k2Y001096>