There is a NULL pointer dereference in usb_endpoint_foreach() in file sys/dev/usb/usb_device.c at line 370. The check against NULL at line 373 should be before the dereference of udev at line 370. Fix: Patch attached. Patch attached with submission follows: How-To-Repeat: N/A
Responsible Changed From-To: freebsd-bugs->freebsd-usb Bug in new USB stack, with patch. Over to maintainer(s)
Author: thompsa Date: Mon Sep 28 07:39:51 2009 New Revision: 197558 URL: http://svn.freebsd.org/changeset/base/197558 Log: Fix NULL-pointer dereference in usb_endpoint_foreach(). PR: usb/138389 Submitted by: Patroklos Argyroudis at census, inc Modified: head/sys/dev/usb/usb_device.c Modified: head/sys/dev/usb/usb_device.c ============================================================================== --- head/sys/dev/usb/usb_device.c Mon Sep 28 07:32:11 2009 (r197557) +++ head/sys/dev/usb/usb_device.c Mon Sep 28 07:39:51 2009 (r197558) @@ -367,12 +367,14 @@ usb_init_endpoint(struct usb_device *ude struct usb_endpoint * usb_endpoint_foreach(struct usb_device *udev, struct usb_endpoint *ep) { - struct usb_endpoint *ep_end = udev->endpoints + udev->endpoints_max; + struct usb_endpoint *ep_end; /* be NULL safe */ if (udev == NULL) return (NULL); + ep_end = udev->endpoints + udev->endpoints_max; + /* get next endpoint */ if (ep == NULL) ep = udev->endpoints; _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Author: thompsa Date: Thu Oct 29 23:17:23 2009 New Revision: 198644 URL: http://svn.freebsd.org/changeset/base/198644 Log: MFC r197558 Fix NULL-pointer dereference in usb_endpoint_foreach(). PR: usb/138389 Modified: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) stable/8/sys/dev/usb/usb_device.c stable/8/sys/dev/xen/xenpci/ (props changed) Modified: stable/8/sys/dev/usb/usb_device.c ============================================================================== --- stable/8/sys/dev/usb/usb_device.c Thu Oct 29 23:16:39 2009 (r198643) +++ stable/8/sys/dev/usb/usb_device.c Thu Oct 29 23:17:23 2009 (r198644) @@ -367,12 +367,14 @@ usb_init_endpoint(struct usb_device *ude struct usb_endpoint * usb_endpoint_foreach(struct usb_device *udev, struct usb_endpoint *ep) { - struct usb_endpoint *ep_end = udev->endpoints + udev->endpoints_max; + struct usb_endpoint *ep_end; /* be NULL safe */ if (udev == NULL) return (NULL); + ep_end = udev->endpoints + udev->endpoints_max; + /* get next endpoint */ if (ep == NULL) ep = udev->endpoints; _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed to -CURRENT and MFCed to 8.
Responsible Changed From-To: freebsd-usb->thompsa