Bug 9572
Summary: | Dereferencing NULL pointer on drivers/usb/serial/mos7720.c | ||
---|---|---|---|
Product: | Drivers | Reporter: | Marcio Buss (marciobuss) |
Component: | USB | Assignee: | Greg Kroah-Hartman (greg) |
Status: | CLOSED CODE_FIX | ||
Severity: | normal | ||
Priority: | P1 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | 2.6.23 | Subsystem: | |
Regression: | --- | Bisected commit-id: | |
Bug Depends on: | |||
Bug Blocks: | 5089 |
Description
Marcio Buss
2007-12-15 06:53:47 UTC
Reply-To: akpm@linux-foundation.org On Sat, 15 Dec 2007 06:53:48 -0800 (PST) bugme-daemon@bugzilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=9572 > > Summary: Dereferencing NULL pointer on > drivers/usb/serial/mos7720.c > Product: Drivers > Version: 2.5 > KernelVersion: 2.6.23 > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: normal > Priority: P1 > Component: USB > AssignedTo: greg@kroah.com > ReportedBy: marciobuss@gmail.com > > > There is a NULL pointer dereference on drivers/usb/serial/mos7720.c > The error can be tracked down as follows: > > (1) line 568: there's a test "if (serial->dev)" implying that > null is a legal value for "serial->dev" at that point > > (2) line 576: "serial" is passed in as an argument to "send_mos_cmd" > > (3) line 282: "send_mos_cmd" unconditionally dereferences serial->dev > at expression "le16_to_cpu(serial->dev->descriptor.idProduct) > Reply-To: oliver@neukum.org Am Sonntag, 16. Dezember 2007 05:23:27 schrieb Andrew Morton: > On Sat, 15 Dec 2007 06:53:48 -0800 (PST) bugme-daemon@bugzilla.kernel.org > wrote: > > > http://bugzilla.kernel.org/show_bug.cgi?id=9572 > > > > Summary: Dereferencing NULL pointer on > > drivers/usb/serial/mos7720.c > > Product: Drivers > > Version: 2.5 > > KernelVersion: 2.6.23 > > Platform: All > > OS/Version: Linux > > Tree: Mainline > > Status: NEW > > Severity: normal > > Priority: P1 > > Component: USB > > AssignedTo: greg@kroah.com > > ReportedBy: marciobuss@gmail.com > > > > > > There is a NULL pointer dereference on drivers/usb/serial/mos7720.c > > The error can be tracked down as follows: > > > > (1) line 568: there's a test "if (serial->dev)" implying that > > null is a legal value for "serial->dev" at that point > > > > (2) line 576: "serial" is passed in as an argument to "send_mos_cmd" > > > > (3) line 282: "send_mos_cmd" unconditionally dereferences serial->dev > > at expression "le16_to_cpu(serial->dev->descriptor.idProduct) I see no way serial->dev may become NULL. The test looks superfluous. Did you get an oops or is this result of a checking tool? Regards Oliver Test removed upstream |