Bug 138387 - [ppbus] [patch] NULL pointer dereference in lptopen() in file sys/dev/ppbus/lpt.c
Summary: [ppbus] [patch] NULL pointer dereference in lptopen() in file sys/dev/ppbus/l...
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 8.0-CURRENT
Hardware: Any Any
: Normal Affects Only Me
Assignee: Christian Brueffer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-31 12:10 UTC by Patroklos Argyroudis
Modified: 2011-10-10 19:14 UTC (History)
0 users

See Also:

Attachments
file.diff (524 bytes, patch)
2009-08-31 12:10 UTC, Patroklos Argyroudis 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Patroklos Argyroudis 2009-08-31 12:10:03 UTC 
There is a NULL pointer dereference in lptopen() in file sys/dev/ppbus/lpt.c at line 489.  The NULL check at line 492 should be before the dereference of sc at line 489.

Fix: Patch attached.

Patch attached with submission follows:
How-To-Repeat: N/A
Comment 1 Christian Brueffer freebsd_committer freebsd_triage 2009-10-22 07:51:37 UTC 
State Changed
From-To: open->patched

Committed, thanks!
Comment 2 Christian Brueffer freebsd_committer freebsd_triage 2009-10-22 07:51:37 UTC 
Responsible Changed
From-To: freebsd-bugs->brueffer

MFC reminder.
Comment 3 dfilter service freebsd_committer freebsd_triage 2009-10-22 07:51:41 UTC 
Author: brueffer
Date: Thu Oct 22 06:51:29 2009
New Revision: 198358
URL: http://svn.freebsd.org/changeset/base/198358

Log:
  Check pointer for NULL before dereferencing it, not after.
  
  PR:		138387, 138388
  Submitted by:	Patroklos Argyroudis <argp@census-labs.com>
  MFC after:	1 week

Modified:
  head/sys/dev/ppbus/lpt.c
  head/sys/dev/ppbus/pcfclock.c

Modified: head/sys/dev/ppbus/lpt.c
==============================================================================
--- head/sys/dev/ppbus/lpt.c	Thu Oct 22 06:17:04 2009	(r198357)
+++ head/sys/dev/ppbus/lpt.c	Thu Oct 22 06:51:29 2009	(r198358)
@@ -486,12 +486,15 @@ lptopen(struct cdev *dev, int flags, int
 {
 	int trys, err;
 	struct lpt_data *sc = dev->si_drv1;
-	device_t lptdev = sc->sc_dev;
-	device_t ppbus = device_get_parent(lptdev);
+	device_t lptdev;
+	device_t ppbus;
 
 	if (!sc)
 		return (ENXIO);
 
+	lptdev = sc->sc_dev;
+	ppbus = device_get_parent(lptdev);
+
 	ppb_lock(ppbus);
 	if (sc->sc_state) {
 		lprintf(("%s: still open %x\n", device_get_nameunit(lptdev),

Modified: head/sys/dev/ppbus/pcfclock.c
==============================================================================
--- head/sys/dev/ppbus/pcfclock.c	Thu Oct 22 06:17:04 2009	(r198357)
+++ head/sys/dev/ppbus/pcfclock.c	Thu Oct 22 06:51:29 2009	(r198358)
@@ -150,12 +150,14 @@ static int
 pcfclock_open(struct cdev *dev, int flag, int fms, struct thread *td)
 {
 	struct pcfclock_data *sc = dev->si_drv1;
-	device_t pcfclockdev = sc->dev;
-	device_t ppbus = device_get_parent(pcfclockdev);
+	device_t pcfclockdev;
+	device_t ppbus;
 	int res;
 
 	if (!sc)
 		return (ENXIO);
+	pcfclockdev = sc->dev;
+	ppbus = device_get_parent(pcfclockdev);
 
 	ppb_lock(ppbus);
 	res = ppb_request_bus(ppbus, pcfclockdev,
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Comment 4 Christian Brueffer freebsd_committer freebsd_triage 2011-10-10 19:14:20 UTC 
State Changed
From-To: patched->closed

MFC done. Sorry for the long delay!