kern/138387: NULL pointer dereference in lptopen() in file sys/dev/ppbus/lpt.c

[Patroklos Argyroudis]

>Number:         138387
>Category:       kern
>Synopsis:       NULL pointer dereference in lptopen() in file sys/dev/ppbus/lpt.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 31 11:10:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Patroklos Argyroudis
>Release:        8.0-CURRENT
>Organization:
census, inc
>Environment:
N/A
>Description:
There is a NULL pointer dereference in lptopen() in file sys/dev/ppbus/lpt.c at line 489.  The NULL check at line 492 should be before the dereference of sc at line 489.
>How-To-Repeat:
N/A
>Fix:
Patch attached.

Patch attached with submission follows:

--- ./sys/dev/ppbus/lpt.c.orig	2009-08-28 16:14:00.000000000 +0300
+++ ./sys/dev/ppbus/lpt.c	2009-08-28 16:21:41.000000000 +0300
@@ -486,12 +486,15 @@
 {
 	int trys, err;
 	struct lpt_data *sc = dev->si_drv1;
-	device_t lptdev = sc->sc_dev;
-	device_t ppbus = device_get_parent(lptdev);
+	device_t lptdev;
+	device_t ppbus;
 
 	if (!sc)
 		return (ENXIO);
 
+	lptdev = sc->sc_dev;
+	ppbus = device_get_parent(lptdev);
+
 	ppb_lock(ppbus);
 	if (sc->sc_state) {
 		lprintf(("%s: still open %x\n", device_get_nameunit(lptdev),


>Release-Note:
>Audit-Trail:
>Unformatted: