Bug 9596
| Summary: | NULL pointer dereference on drivers/usb/misc/auerswald.c | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | Marcio Buss (marciobuss) |
| Component: | USB | Assignee: | Greg Kroah-Hartman (greg) |
| Status: | REJECTED INVALID | ||
| Severity: | low | ||
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 2.6.23 | Subsystem: | |
| Regression: | --- | Bisected commit-id: | |
| Bug Depends on: | |||
| Bug Blocks: | 5089 | ||
Reply-To: akpm@linux-foundation.org On Mon, 17 Dec 2007 22:27:07 -0800 (PST) bugme-daemon@bugzilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=9596 > > Summary: NULL pointer dereference on drivers/usb/misc/auerswald.c > Product: Drivers > Version: 2.5 > KernelVersion: 2.6.23 > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: low > Priority: P1 > Component: USB > AssignedTo: greg@kroah.com > ReportedBy: marciobuss@gmail.com > > > This is a low severity error, since there's a null pointer dereference > only in case kzalloc fails to allocate memory. > > (1) line 762: !bep is true => bep is null > (2) goto bl_fail > (3) line 781: calling auerbuf_free(bep) with bep null, but such function > does not handle a null argument: > > /* free a single auerbuf */ > static void auerbuf_free (pauerbuf_t bp) > { > kfree(bp->bufp); > ... > > > -- > Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email > ------- You are receiving this mail because: ------- > You are on the CC list for the bug, or are watching someone who is. |
This is a low severity error, since there's a null pointer dereference only in case kzalloc fails to allocate memory. (1) line 762: !bep is true => bep is null (2) goto bl_fail (3) line 781: calling auerbuf_free(bep) with bep null, but such function does not handle a null argument: /* free a single auerbuf */ static void auerbuf_free (pauerbuf_t bp) { kfree(bp->bufp); ...