From 4647722673994787bfa294a163fcb6955b93d417 Mon Sep 17 00:00:00 2001 From: Jayachandran C Date: Thu, 27 Oct 2005 15:51:13 -0700 Subject: [PATCH] [SCSI] Fix issue reported by coverity in drivers/scsi/scsi_ioctl.c This patch attempts to fix an issue found in drivers/scsi/scsi_ioctl.c by Coverity. Error reported: CID: 3437 Checker: FORWARD_NULL (help) File: /export2/p4-coverity/mc2/linux26/drivers/scsi/scsi_ioctl.c Function: scsi_ioctl_send_command Description: Variable "buf" tracked as NULL was passed to a function that dereferences it. Patch description: buf can be NULL if inlen and outlen are both 0. This patch adds check if the length is non-zero before calling copy from/to user. Signed-off-by: Jayachandran C. Signed-off-by: James Bottomley --- drivers/scsi/scsi_ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c index 26f5bc6d9c..0bba7d8eeb 100644 --- a/drivers/scsi/scsi_ioctl.c +++ b/drivers/scsi/scsi_ioctl.c @@ -278,7 +278,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev, * Obtain the data to be sent to the device (if any). */ - if(copy_from_user(buf, cmd_in + cmdlen, inlen)) + if(inlen && copy_from_user(buf, cmd_in + cmdlen, inlen)) goto error; switch (opcode) { @@ -322,7 +322,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev, if (copy_to_user(cmd_in, sense, sb_len)) result = -EFAULT; } else { - if (copy_to_user(cmd_in, buf, outlen)) + if (outlen && copy_to_user(cmd_in, buf, outlen)) result = -EFAULT; } -- 2.39.5