From: Jesper Juhl Date: Tue, 13 Jun 2006 09:58:12 +0000 (+0200) Subject: [ALSA] fix potential NULL pointer deref in snd_sb8dsp_midi_interrupt() X-Git-Tag: v2.6.18-rc1~1081^2~261 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792;p=linux-2.6 [ALSA] fix potential NULL pointer deref in snd_sb8dsp_midi_interrupt() First testing if a pointer is NULL and if it is (or might be), proceeding with code that dereferences that same pointer is clearly a mistake. This happens in sound/isa/sb/sb8_midi.c::snd_sb8dsp_midi_interrupt() The patch below reworks the code so this unfortunate case doesn't happen. Also remove some blank comments. Found by the Coverity checker as bug #367 Patch is compile testted only due to lack of hardware. Signed-off-by: Jesper Juhl Signed-off-by: Takashi Iwai
---
diff --git a/sound/isa/sb/sb8_midi.c b/sound/isa/sb/sb8_midi.c
index c549aceea2..0b67edd7ac 100644
--- a/sound/isa/sb/sb8_midi.c
+++ b/sound/isa/sb/sb8_midi.c
@@ -32,20 +32,22 @@
 #include
 #include
-/*
-
- */
-irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
+irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb *chip)
 {
 struct snd_rawmidi *rmidi;
 int max = 64;
 char byte;
- if (chip == NULL || (rmidi = chip->rmidi) == NULL) {
+ if (!chip)
+ return IRQ_NONE;
+
+ rmidi = chip->rmidi;
+ if (!rmidi) {
 inb(SBP(chip, DATA_AVAIL)); /* ack interrupt */
 return IRQ_NONE;
 }
+
 spin_lock(&chip->midi_input_lock);
 while (max-- > 0) {
 if (inb(SBP(chip, DATA_AVAIL)) & 0x80) {
@@ -59,10 +61,6 @@ irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
 return IRQ_HANDLED;
 }
-/*
-
- */
-
 static int snd_sb8dsp_midi_input_open(struct snd_rawmidi_substream *substream)
 {
 unsigned long flags;
@@ -252,10 +250,6 @@ static void snd_sb8dsp_midi_output_trigger(struct snd_rawmidi_substream *substre
 snd_sb8dsp_midi_output_write(substream);
 }
-/*
-
- */
-
 static struct snd_rawmidi_ops snd_sb8dsp_midi_output =
 {
 .open = snd_sb8dsp_midi_output_open,
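Review bot: The new `if (!chip) return IRQ_NONE;` path in the first hunk leaves the interrupt unacknowledged, while the `!rmidi` branch right below it still reads `SBP(chip, DATA_AVAIL)` to ack, and nothing in the code records that the difference is deliberate. A one-line comment on the early return would make that explicit, e.g. `/* no chip means no port to read, so the interrupt cannot be acked here */`. The `!rmidi` branch also acks the device and then returns `IRQ_NONE`; if that interrupt did come from this card, `IRQ_HANDLED` may be the more accurate result, but the caller is outside the diff, so that needs confirming there before changing it. The body of the `while` loop and the end of snd_sb8dsp_midi_interrupt() lie outside the hunk.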