svn commit: r299269 - head/sys/dev/mpr
Stephen McConnell
slm at FreeBSD.org
Mon May 9 16:26:36 UTC 2016
Author: slm
Date: Mon May 9 16:26:34 2016
New Revision: 299269
URL: https://svnweb.freebsd.org/changeset/base/299269
Log:
Fix possible use of invalid pointer.
It was possible to use an invalid pointer to get the target ID value. To fix
this, initialize a local Target ID variable to an invalid value and change that
variable to a valid value only if the pointer to the Target ID is not NULL.
Reviewed by: ken, scottl, ambrisko, asomers
Approved by: ken, scottl, ambrisko
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6100
Modified:
head/sys/dev/mpr/mpr_sas.c
Modified: head/sys/dev/mpr/mpr_sas.c
==============================================================================
--- head/sys/dev/mpr/mpr_sas.c Mon May 9 16:24:16 2016 (r299268)
+++ head/sys/dev/mpr/mpr_sas.c Mon May 9 16:26:34 2016 (r299269)
@@ -243,6 +243,8 @@ mprsas_alloc_tm(struct mpr_softc *sc)
void
mprsas_free_tm(struct mpr_softc *sc, struct mpr_command *tm)
{
+ int target_id = 0xFFFFFFFF;
+
MPR_FUNCTRACE(sc);
if (tm == NULL)
return;
@@ -254,10 +256,11 @@ mprsas_free_tm(struct mpr_softc *sc, str
*/
if (tm->cm_targ != NULL) {
tm->cm_targ->flags &= ~MPRSAS_TARGET_INRESET;
+ target_id = tm->cm_targ->tid;
}
if (tm->cm_ccb) {
mpr_dprint(sc, MPR_INFO, "Unfreezing devq for target ID %d\n",
- tm->cm_targ->tid);
+ target_id);
xpt_release_devq(tm->cm_ccb->ccb_h.path, 1, TRUE);
xpt_free_path(tm->cm_ccb->ccb_h.path);
xpt_free_ccb(tm->cm_ccb);
More information about the svn-src-head
mailing list