lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Dec 2009 19:34:49 -0600 From: Robert Hancock <hancockrwd@...il.com> To: Alexander Strakh <strakh@...ras.ru> CC: Mark Lord <mlord@...ox.com>, linux-ide@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, linux-kernel@...r.kernel.org Subject: Re: BUG null dereference in drivers/ata/sata_mv.c On 12/14/2009 02:51 PM, Alexander Strakh wrote: > KERNEL_VERSION: 2.6.32 > SUBJECT: null dereference in function mv_unexpected_intr > DESCRIBE: > In ./drivers/ata/sata_mv.c in function mv_port_intr > > 1. If ap == NULL in line 2778, then we goto line 2779. > 2. In line 2779 function mv_unexpected_intr(ap, 0) is called. > 3. In line 2538 null dereference: "ap->link.eh_info" > > 2773 static void mv_port_intr(struct ata_port *ap, u32 port_cause) > 2774 { > ... > 2778 if (!ap || (ap->flags& ATA_FLAG_DISABLED)) { > 2779 mv_unexpected_intr(ap, 0); > 2780 return; > 2781 } > ... > 2809 } > > 2536 static void mv_unexpected_intr(struct ata_port *ap, int edma_was_enabled) > 2537 { > 2538 struct ata_eh_info *ehi =&ap->link.eh_info; > ... > 2555 } > > Found by Linux Device Drivers Verification Project (Svace Detector) I don't think it should be possible for ap to be null at the point the check is made. The null check could likely be removed. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists