aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJesper Juhl <jesper.juhl@gmail.com>2006-06-13 05:58:12 -0400
committerJaroslav Kysela <perex@suse.cz>2006-06-22 15:34:22 -0400
commit63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792 (patch)
tree6768bcbdfba41b7e4a79f5faee5d4f117e076321
parent6540dffa6ecfe0d99fb263548dcc4b35ccefe784 (diff)
[ALSA] fix potential NULL pointer deref in snd_sb8dsp_midi_interrupt()
First testing if a pointer is NULL and if it is (or might be), proceeding with code that dereferences that same pointer is clearly a mistake. This happens in sound/isa/sb/sb8_midi.c::snd_sb8dsp_midi_interrupt() The patch below reworks the code so this unfortunate case doesn't happen. Also remove some blank comments. Found by the Coverity checker as bug #367 Patch is compile testted only due to lack of hardware. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-rw-r--r--sound/isa/sb/sb8_midi.c20
1 files changed, 7 insertions, 13 deletions
diff --git a/sound/isa/sb/sb8_midi.c b/sound/isa/sb/sb8_midi.c
index c549aceea294..0b67edd7ac6e 100644
--- a/sound/isa/sb/sb8_midi.c
+++ b/sound/isa/sb/sb8_midi.c
@@ -32,20 +32,22 @@
32#include <sound/core.h> 32#include <sound/core.h>
33#include <sound/sb.h> 33#include <sound/sb.h>
34 34
35/*
36
37 */
38 35
39irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip) 36irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb *chip)
40{ 37{
41 struct snd_rawmidi *rmidi; 38 struct snd_rawmidi *rmidi;
42 int max = 64; 39 int max = 64;
43 char byte; 40 char byte;
44 41
45 if (chip == NULL || (rmidi = chip->rmidi) == NULL) { 42 if (!chip)
43 return IRQ_NONE;
44
45 rmidi = chip->rmidi;
46 if (!rmidi) {
46 inb(SBP(chip, DATA_AVAIL)); /* ack interrupt */ 47 inb(SBP(chip, DATA_AVAIL)); /* ack interrupt */
47 return IRQ_NONE; 48 return IRQ_NONE;
48 } 49 }
50
49 spin_lock(&chip->midi_input_lock); 51 spin_lock(&chip->midi_input_lock);
50 while (max-- > 0) { 52 while (max-- > 0) {
51 if (inb(SBP(chip, DATA_AVAIL)) & 0x80) { 53 if (inb(SBP(chip, DATA_AVAIL)) & 0x80) {
@@ -59,10 +61,6 @@ irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
59 return IRQ_HANDLED; 61 return IRQ_HANDLED;
60} 62}
61 63
62/*
63
64 */
65
66static int snd_sb8dsp_midi_input_open(struct snd_rawmidi_substream *substream) 64static int snd_sb8dsp_midi_input_open(struct snd_rawmidi_substream *substream)
67{ 65{
68 unsigned long flags; 66 unsigned long flags;
@@ -252,10 +250,6 @@ static void snd_sb8dsp_midi_output_trigger(struct snd_rawmidi_substream *substre
252 snd_sb8dsp_midi_output_write(substream); 250 snd_sb8dsp_midi_output_write(substream);
253} 251}
254 252
255/*
256
257 */
258
259static struct snd_rawmidi_ops snd_sb8dsp_midi_output = 253static struct snd_rawmidi_ops snd_sb8dsp_midi_output =
260{ 254{
261 .open = snd_sb8dsp_midi_output_open, 255 .open = snd_sb8dsp_midi_output_open,