On Wed, Jan 09 2002, Zwane Mwaikambo wrote:
> Hi Jens, Marcelo,
> Doing an "eject" with my somewhat damaged SuSE 5.3 CD gave me the
> appended reproducible oops. This bug is present in both 2.4 (visual
> inspection) and 2.5. Here is the code path before the oops
>
> ide-cd.c
> static
> int cdrom_queue_packet_command(ide_drive_t *drive, struct packet_command
> *pc)
> {
> <snip>
> if (ide_do_drive_cmd (drive, &req, ide_wait)) { <== [1]
> printk("%s: do_drive_cmd returned
> stat=%02x,err=%02x\n",
> drive->name, req.buffer[0],
> req.buffer[1]);
> /* FIXME: we should probably abort/retry or
> something */
> <snip>
>
> [1] ide_do_drive_cmd returns -EIO so we end up doing the printk. Tadow!
> NULL dereference because of (char *)req.buffer. Then again, this printk
> seems quite redundant IMO.
Yes, just kill the printk instead.
-- Jens Axboe- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Jan 15 2002 - 21:00:25 EST