Bug 9596

Summary: NULL pointer dereference on drivers/usb/misc/auerswald.c
Product: Drivers Reporter: Marcio Buss (marciobuss)
Component: USBAssignee: Greg Kroah-Hartman (greg)
Status: REJECTED INVALID    
Severity: low    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.23 Subsystem:
Regression: --- Bisected commit-id:
Bug Depends on:    
Bug Blocks: 5089    

Description Marcio Buss 2007-12-17 22:27:06 UTC
This is a low severity error, since there's a null pointer dereference
only in case kzalloc fails to allocate memory.

(1) line 762: !bep is true => bep is null
(2) goto bl_fail
(3) line 781: calling auerbuf_free(bep) with bep null, but such function
    does not handle a null argument:

/* free a single auerbuf */
static void auerbuf_free (pauerbuf_t bp)
{
	kfree(bp->bufp);
        ...
Comment 1 Anonymous Emailer 2007-12-17 22:47:04 UTC
Reply-To: akpm@linux-foundation.org

On Mon, 17 Dec 2007 22:27:07 -0800 (PST) bugme-daemon@bugzilla.kernel.org wrote:

> http://bugzilla.kernel.org/show_bug.cgi?id=9596
> 
>            Summary: NULL pointer dereference on drivers/usb/misc/auerswald.c
>            Product: Drivers
>            Version: 2.5
>      KernelVersion: 2.6.23
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: low
>           Priority: P1
>          Component: USB
>         AssignedTo: greg@kroah.com
>         ReportedBy: marciobuss@gmail.com
> 
> 
> This is a low severity error, since there's a null pointer dereference
> only in case kzalloc fails to allocate memory.
> 
> (1) line 762: !bep is true => bep is null
> (2) goto bl_fail
> (3) line 781: calling auerbuf_free(bep) with bep null, but such function
>     does not handle a null argument:
> 
> /* free a single auerbuf */
> static void auerbuf_free (pauerbuf_t bp)
> {
>         kfree(bp->bufp);
>         ...
> 
> 
> -- 
> Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug, or are watching someone who is.