From: Tetsuo Handa Date: Wed, 7 May 2008 03:42:27 +0000 (-0700) Subject: serial: access after NULL check in uart_flush_buffer() X-Git-Tag: v2.6.26-rc2~49 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55d7b68996a5064f011d681bca412b6281d2f711;p=linux-2.6 serial: access after NULL check in uart_flush_buffer() I noticed that static void uart_flush_buffer(struct tty_struct *tty) { struct uart_state *state = tty->driver_data; struct uart_port *port = state->port; unsigned long flags; /* * This means you called this function _after_ the port was * closed. No cookie for you. */ if (!state || !state->info) { WARN_ON(1); return; } is too late for checking state != NULL. Signed-off-by: Tetsuo Handa Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/serial/serial_core.c b/drivers/serial/serial_core.c index 1e2b9d826f..eab0327337 100644 --- a/drivers/serial/serial_core.c +++ b/drivers/serial/serial_core.c @@ -556,7 +556,7 @@ static int uart_chars_in_buffer(struct tty_struct *tty) static void uart_flush_buffer(struct tty_struct *tty) { struct uart_state *state = tty->driver_data; - struct uart_port *port = state->port; + struct uart_port *port; unsigned long flags; /* @@ -568,6 +568,7 @@ static void uart_flush_buffer(struct tty_struct *tty) return; } + port = state->port; pr_debug("uart_flush_buffer(%d) called\n", tty->index); spin_lock_irqsave(&port->lock, flags);