Re: [PATCH] Staging: dgnc: Using temporary value for repeated dereferences.
From: Dan Carpenter
Date: Mon Apr 20 2015 - 04:35:22 EST
On Sun, Apr 19, 2015 at 05:54:19PM -0700, Joe Perches wrote:
> > diff --git a/drivers/staging/dgnc/dgnc_mgmt.c b/drivers/staging/dgnc/dgnc_mgmt.c
> > index b13318a..0437117 100644
> > --- a/drivers/staging/dgnc/dgnc_mgmt.c
> > +++ b/drivers/staging/dgnc/dgnc_mgmt.c
> > @@ -131,6 +131,7 @@ long dgnc_mgmt_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> > int brd;
> >
> > struct digi_info di;
> > + struct dgnc_board *bd = dgnc_Board[brd];
>
> Please read the code.
> brd is got from userspace and you've dereferenced
> it before getting the value from userspace.
Gar. Oops. I totally missed that when I looked at this patch. :(
You would hope that GCC would warn about the uninitialized variable but
it doesn't.
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/