kern/56605: da driver can reference a NULL pointer
Jeff Fellin
jkf at research.bell-labs.com
Mon Sep 8 12:30:22 PDT 2003
>Number: 56605
>Category: kern
>Synopsis: da driver can reference a NULL pointer
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 08 12:30:17 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Jeff Fellin
>Release: FreeBSD current i386
>Organization:
Bell Labs
>Environment:
System: FreeBSD nstg6.cs.bell-labs.com 4.4-STABLE FreeBSD 4.4-STABLE #0: Tue Oct 22 10:15:48 EDT 2002 jkf at nstg6.research.bell-labs.com:/bsd.stable/src/sys/compile/DEV.UP i386
>Description:
The routine daopen() in sys/cam/scsi can reference a NULL pointer.
Lines 457-463:
	s = splsoftcam();
	periph = (struct cam_periph *)dp->d_drv1;
	unit = periph->unit_number; /* POSSIBLE NULL REFERENCE */
	if (periph == NULL) {
		splx(s);
		return (ENXIO);
	}
>How-To-Repeat:
Code inspection, no test.
>Fix:
Move line 459 to be after line 463 as follows
Lines 457-463:
	s = splsoftcam();
	periph = (struct cam_periph *)dp->d_drv1;
	if (periph == NULL) {
		splx(s);
		return (ENXIO);
	}
	unit = periph->unit_number;
>Release-Note:
>Audit-Trail:
>Unformatted:
I sent the following report via send-pr, but I don't think it left the
FreeBSD machine I ran the command on.
Jeff Fellin
Room 2C-423
Bell-Labs, Murray Hill
(908) 582-7673
fellin at lucent.com
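
Added example, not part of the original report and not FreeBSD source: a user-space model of the check-then-use ordering proposed under Fix, which also confirms that the spl level is restored on the ENXIO path. The structs, the spl stubs, and the names daopen_prologue and spl_depth are simplified, hypothetical stand-ins for the kernel definitions.

```c
/* User-space model of the corrected daopen() prologue. The structs and the
 * spl stubs are simplified stand-ins, not the FreeBSD kernel definitions. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct cam_periph { unsigned int unit_number; };
struct disk { void *d_drv1; };

static int spl_depth;	/* hypothetical counter: raised levels not yet restored */

static int splsoftcam(void) { return spl_depth++; }	/* returns previous level */
static void splx(int s) { spl_depth = s; }

/* Hypothetical helper: the check-then-use ordering from the Fix section. */
static int
daopen_prologue(struct disk *dp, unsigned int *unitp)
{
	struct cam_periph *periph;
	int s;

	s = splsoftcam();
	periph = (struct cam_periph *)dp->d_drv1;
	if (periph == NULL) {
		splx(s);		/* restore the level on the error path */
		return (ENXIO);
	}
	*unitp = periph->unit_number;	/* periph is known to be valid here */
	splx(s);			/* simplification: the model ends here */
	return (0);
}

int
main(void)
{
	struct cam_periph p = { 3 };	/* constructed sample device */
	struct disk attached = { &p }, detached = { NULL };
	unsigned int unit = 0;
	int error;

	error = daopen_prologue(&detached, &unit);
	printf("detached: error=%d spl_depth=%d\n", error, spl_depth);
	error = daopen_prologue(&attached, &unit);
	printf("attached: error=%d unit=%u spl_depth=%d\n", error, unit, spl_depth);
	return (0);
}
```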