kern/138388: NULL pointer dereference in pcfclock_open() in file
sys/dev/ppbus/pcfclock.c
Patroklos Argyroudis
argp at census-labs.com
Mon Aug 31 11:20:07 UTC 2009
>Number: 138388
>Category: kern
>Synopsis: NULL pointer dereference in pcfclock_open() in file sys/dev/ppbus/pcfclock.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 31 11:20:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Patroklos Argyroudis
>Release: 8.0-CURRENT
>Organization:
census, inc
>Environment:
N/A
>Description:
There is a NULL pointer dereference in pcfclock_open() in file sys/dev/ppbus/pcfclock.c at line 153. The NULL check at line 157 should be before the dereference of sc at line 153.
>How-To-Repeat:
N/A
>Fix:
Patch attached.
Patch attached with submission follows:
--- ./sys/dev/ppbus/pcfclock.c.orig 2009-08-28 16:24:15.000000000 +0300
+++ ./sys/dev/ppbus/pcfclock.c 2009-08-28 16:25:34.000000000 +0300
@@ -150,13 +150,16 @@
pcfclock_open(struct cdev *dev, int flag, int fms, struct thread *td)
{
struct pcfclock_data *sc = dev->si_drv1;
- device_t pcfclockdev = sc->dev;
- device_t ppbus = device_get_parent(pcfclockdev);
+ device_t pcfclockdev;
+ device_t ppbus;
int res;
if (!sc)
return (ENXIO);
+ pcfclockdev = sc->dev;
+ ppbus = device_get_parent(pcfclockdev);
+
ppb_lock(ppbus);
res = ppb_request_bus(ppbus, pcfclockdev,
(flag & O_NONBLOCK) ? PPB_DONTWAIT : PPB_WAIT);
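Review bot: the guard in pcfclock_open() that now protects the moved `pcfclockdev = sc->dev;` assignment is still spelled `if (!sc)`; since this change makes that test the only thing between `dev->si_drv1` and the dereference, write it as `if (sc == NULL)` to follow style(9)'s rule against using `!` on non-boolean values. The ordering itself is right: both `sc->dev` and `device_get_parent(pcfclockdev)` now run only after the ENXIO return, and nothing between the declarations and the check touches `sc`. The report lists How-To-Repeat as N/A, so the commit message should say whether `si_drv1` can actually be NULL when open is reached; if it cannot, dropping the check would be the simpler fix, and if it can, a short comment above the test naming that case would help the next reader.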
>Release-Note:
>Audit-Trail:
>Unformatted: