| Message ID | 20100522201535.GI22515@bicker (mailing list archive) |
|---|---|
| State | Superseded, archived |
| Headers |
Return-path: <linux-media-owner@vger.kernel.org> Envelope-to: mchehab@infradead.org Delivery-date: Sat, 22 May 2010 20:16:02 +0000 Received: from bombadil.infradead.org [18.85.46.34] by pedra with IMAP (fetchmail-6.3.6) for <mchehab@localhost> (single-drop); Sat, 22 May 2010 17:16:42 -0300 (BRT) Received: from vger.kernel.org ([209.132.180.67]) by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux)) id 1OFv74-0001zZ-Lz; Sat, 22 May 2010 20:16:02 +0000 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758061Ab0EVUP7 (ORCPT <rfc822; kmpark@infradead.org> + 1 other); Sat, 22 May 2010 16:15:59 -0400 Received: from mail-vw0-f46.google.com ([209.85.212.46]:49742 "EHLO mail-vw0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757978Ab0EVUP6 (ORCPT <rfc822;linux-media@vger.kernel.org>); Sat, 22 May 2010 16:15:58 -0400 Received: by vws9 with SMTP id 9so1651798vws.19 for <multiple recipients>; Sat, 22 May 2010 13:15:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:mime-version:content-type:content-disposition:user-agent; bh=DBJV2y+qLWNaYfWLMAUavm0nRo9VQoCuPb6dWSPQPBA=; b=rPzDaW/TO1y2IJSXwslv4ZL78FODyUcZ02HKO4rsHAEoSTqz/91dLrMfIs8yY1c3QC mXWo/Unub3tsZxqVpe10a8XwJ8EO9wonv0CaxVDBi3rbhsp15kbfIshmnmRRQIqZALbb db5UJ5E37pLtPLjQPv0HjzRwm7OJwg9eeuoz8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:mime-version:content-type :content-disposition:user-agent; b=pMZv7Y64kMp6DtYHEC2fgYsRjlYbAGpSoViGmEfqbYOzTPvuwjjjClkoWAcyEo3bfR G7MK7hJo1F7DeEMSkB8MDmA2HTa7ho/B2YN9N2pMsKf1lgX1t1UWLRKj4g+opN8AoLfa 3IzXpljJzdLbKnAS+I1zqp/yx5TtDqurrYNXk= Received: by 10.220.122.224 with SMTP id m32mr2255648vcr.71.1274559357430; Sat, 22 May 2010 13:15:57 -0700 (PDT) Received: from bicker ([205.177.176.130]) by mx.google.com with ESMTPS id z17sm10697443vco.17.2010.05.22.13.15.47 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 22 May 2010 13:15:56 -0700 (PDT) Date: Sat, 22 May 2010 22:15:35 +0200 From: Dan Carpenter <error27@gmail.com> To: Mauro Carvalho Chehab <mchehab@infradead.org> Cc: Jean Delvare <khali@linux-fr.org>, "Beholder Intl. Ltd. Dmitry Belimov" <d.belimov@gmail.com>, hermann pitton <hermann-pitton@arcor.de>, Douglas Schilling Landgraf <dougsland@redhat.com>, linux-media@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch] video/saa7134: potential null dereferences in debug code Message-ID: <20100522201535.GI22515@bicker> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: <linux-media.vger.kernel.org> X-Mailing-List: linux-media@vger.kernel.org |
Commit Message
Dan Carpenter
May 22, 2010, 8:15 p.m. UTC
I modified the dprintk and i2cdprintk macros to handle null dev and ir
pointers. There are two couple places that call dprintk() when "dev" is
null. One is in get_key_msi_tvanywhere_plus() and the other is in
get_key_flydvb_trio().
Signed-off-by: Dan Carpenter <error27@gmail.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Comments
Hi Dan, On Sat, 22 May 2010 22:15:35 +0200, Dan Carpenter wrote: > I modified the dprintk and i2cdprintk macros to handle null dev and ir > pointers. There are two couple places that call dprintk() when "dev" is > null. One is in get_key_msi_tvanywhere_plus() and the other is in > get_key_flydvb_trio(). > > Signed-off-by: Dan Carpenter <error27@gmail.com> > > diff --git a/drivers/media/video/saa7134/saa7134-input.c b/drivers/media/video/saa7134/saa7134-input.c > index e5565e2..e14f2f8 100644 > --- a/drivers/media/video/saa7134/saa7134-input.c > +++ b/drivers/media/video/saa7134/saa7134-input.c > @@ -61,9 +61,9 @@ MODULE_PARM_DESC(disable_other_ir, "disable full codes of " > "alternative remotes from other manufacturers"); > > #define dprintk(fmt, arg...) if (ir_debug) \ > - printk(KERN_DEBUG "%s/ir: " fmt, dev->name , ## arg) > + printk(KERN_DEBUG "%s/ir: " fmt, dev ? dev->name : "<null>", ## arg) > #define i2cdprintk(fmt, arg...) if (ir_debug) \ > - printk(KERN_DEBUG "%s/ir: " fmt, ir->name , ## arg) > + printk(KERN_DEBUG "%s/ir: " fmt, ir ? ir->name : "<null>", ## arg) > > /* Helper functions for RC5 and NEC decoding at GPIO16 or GPIO18 */ > static int saa7134_rc5_irq(struct saa7134_dev *dev); I would have used "(null)" instead of "<null>" for consistency with lib/vsprintf.c:string(). But more importantly, I suspect that a better fix would be to not call these macros when dev or ir, respectively, is NULL. The faulty dprintk calls in get_key_msi_tvanywhere_plus() and get_key_flydvb_trio() could be replaced with i2cdprintk (which is misnamed IMHO, BTW.)
Em Sat, 22 May 2010 22:59:21 +0200 Jean Delvare <khali@linux-fr.org> escreveu: > Hi Dan, > > On Sat, 22 May 2010 22:15:35 +0200, Dan Carpenter wrote: > > I modified the dprintk and i2cdprintk macros to handle null dev and ir > > pointers. There are two couple places that call dprintk() when "dev" is > > null. One is in get_key_msi_tvanywhere_plus() and the other is in > > get_key_flydvb_trio(). > > > > Signed-off-by: Dan Carpenter <error27@gmail.com> > > > > diff --git a/drivers/media/video/saa7134/saa7134-input.c b/drivers/media/video/saa7134/saa7134-input.c > > index e5565e2..e14f2f8 100644 > > --- a/drivers/media/video/saa7134/saa7134-input.c > > +++ b/drivers/media/video/saa7134/saa7134-input.c > > @@ -61,9 +61,9 @@ MODULE_PARM_DESC(disable_other_ir, "disable full codes of " > > "alternative remotes from other manufacturers"); > > > > #define dprintk(fmt, arg...) if (ir_debug) \ > > - printk(KERN_DEBUG "%s/ir: " fmt, dev->name , ## arg) > > + printk(KERN_DEBUG "%s/ir: " fmt, dev ? dev->name : "<null>", ## arg) > > #define i2cdprintk(fmt, arg...) if (ir_debug) \ > > - printk(KERN_DEBUG "%s/ir: " fmt, ir->name , ## arg) > > + printk(KERN_DEBUG "%s/ir: " fmt, ir ? ir->name : "<null>", ## arg) > > > > /* Helper functions for RC5 and NEC decoding at GPIO16 or GPIO18 */ > > static int saa7134_rc5_irq(struct saa7134_dev *dev); > > I would have used "(null)" instead of "<null>" for consistency with > lib/vsprintf.c:string(). > > But more importantly, I suspect that a better fix would be to not call > these macros when dev or ir, respectively, is NULL. The faulty dprintk > calls in get_key_msi_tvanywhere_plus() and get_key_flydvb_trio() could > be replaced with i2cdprintk (which is misnamed IMHO, BTW.) Agreed. Dan, could you please rework your patch according with Jean's feedback? Thanks, Mauro
On Sat, 29 May 2010 01:29:54 -0300, Mauro Carvalho Chehab wrote: > Em Sat, 22 May 2010 22:59:21 +0200 > Jean Delvare <khali@linux-fr.org> escreveu: > > I would have used "(null)" instead of "<null>" for consistency with > > lib/vsprintf.c:string(). > > > > But more importantly, I suspect that a better fix would be to not call > > these macros when dev or ir, respectively, is NULL. The faulty dprintk > > calls in get_key_msi_tvanywhere_plus() and get_key_flydvb_trio() could > > be replaced with i2cdprintk (which is misnamed IMHO, BTW.) > > Agreed. > > Dan, could you please rework your patch according with Jean's feedback? He did already.
diff --git a/drivers/media/video/saa7134/saa7134-input.c b/drivers/media/video/saa7134/saa7134-input.c index e5565e2..e14f2f8 100644 --- a/drivers/media/video/saa7134/saa7134-input.c +++ b/drivers/media/video/saa7134/saa7134-input.c @@ -61,9 +61,9 @@ MODULE_PARM_DESC(disable_other_ir, "disable full codes of " "alternative remotes from other manufacturers"); #define dprintk(fmt, arg...) if (ir_debug) \ - printk(KERN_DEBUG "%s/ir: " fmt, dev->name , ## arg) + printk(KERN_DEBUG "%s/ir: " fmt, dev ? dev->name : "<null>", ## arg) #define i2cdprintk(fmt, arg...) if (ir_debug) \ - printk(KERN_DEBUG "%s/ir: " fmt, ir->name , ## arg) + printk(KERN_DEBUG "%s/ir: " fmt, ir ? ir->name : "<null>", ## arg) /* Helper functions for RC5 and NEC decoding at GPIO16 or GPIO18 */ static int saa7134_rc5_irq(struct saa7134_dev *dev);