Re: [PATCH][RESEND] Fix a potential NULL pointer deref in the aic7xxx, ahc_print_register() function
From: Jesper Juhl
Date: Sun Aug 05 2007 - 11:54:22 EST
On Sunday 05 August 2007 17:42:31 Justin T. Gibbs wrote:
> All of this logic was simplified back in '05 in the BSD drivers by adding
> this to the top of the function:
>
> u_int dummy_column;
>
> if (cur_column == NULL) {
> dummy_column = 0;
> cur_column = &dummy_column;
> }
>
> and then stripping out the cur_column == NULL checks in the routine.
>
Thank you for that info.
James, if that sounds like a better way to deal with it to you, then
here's a patch to implement it.
Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx>
---
drivers/scsi/aic7xxx/aic7xxx_core.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/aic7xxx/aic7xxx_core.c b/drivers/scsi/aic7xxx/aic7xxx_core.c
index 75733b0..d1f3f25 100644
--- a/drivers/scsi/aic7xxx/aic7xxx_core.c
+++ b/drivers/scsi/aic7xxx/aic7xxx_core.c
@@ -6529,8 +6529,14 @@ ahc_print_register(ahc_reg_parse_entry_t *table, u_int num_entries,
{
int printed;
u_int printed_mask;
+ u_int dummy_column;
- if (cur_column != NULL && *cur_column >= wrap_point) {
+ if (!cur_column) {
+ dummy_column = 0;
+ cur_column = &dummy_column;
+ }
+
+ if (*cur_column >= wrap_point) {
printf("\n");
*cur_column = 0;
}
@@ -6565,8 +6571,7 @@ ahc_print_register(ahc_reg_parse_entry_t *table, u_int num_entries,
printed += printf(") ");
else
printed += printf(" ");
- if (cur_column != NULL)
- *cur_column += printed;
+ *cur_column += printed;
return (printed);
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/