diff options
author | Jesper Juhl <jesper.juhl@gmail.com> | 2006-06-13 11:58:12 +0200 |
---|---|---|
committer | Jaroslav Kysela <perex@suse.cz> | 2006-06-22 21:34:22 +0200 |
commit | 63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792 (patch) | |
tree | 6768bcbdfba41b7e4a79f5faee5d4f117e076321 /sound/isa/sb | |
parent | 6540dffa6ecfe0d99fb263548dcc4b35ccefe784 (diff) | |
download | lwn-63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792.tar.gz lwn-63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792.zip |
[ALSA] fix potential NULL pointer deref in snd_sb8dsp_midi_interrupt()
First testing if a pointer is NULL and if it is (or might be), proceeding
with code that dereferences that same pointer is clearly a mistake.
This happens in sound/isa/sb/sb8_midi.c::snd_sb8dsp_midi_interrupt()
The patch below reworks the code so this unfortunate case doesn't happen.
Also remove some blank comments.
Found by the Coverity checker as bug #367
Patch is compile testted only due to lack of hardware.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'sound/isa/sb')
-rw-r--r-- | sound/isa/sb/sb8_midi.c | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/sound/isa/sb/sb8_midi.c b/sound/isa/sb/sb8_midi.c index c549aceea294..0b67edd7ac6e 100644 --- a/sound/isa/sb/sb8_midi.c +++ b/sound/isa/sb/sb8_midi.c @@ -32,20 +32,22 @@ #include <sound/core.h> #include <sound/sb.h> -/* - - */ -irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip) +irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb *chip) { struct snd_rawmidi *rmidi; int max = 64; char byte; - if (chip == NULL || (rmidi = chip->rmidi) == NULL) { + if (!chip) + return IRQ_NONE; + + rmidi = chip->rmidi; + if (!rmidi) { inb(SBP(chip, DATA_AVAIL)); /* ack interrupt */ return IRQ_NONE; } + spin_lock(&chip->midi_input_lock); while (max-- > 0) { if (inb(SBP(chip, DATA_AVAIL)) & 0x80) { @@ -59,10 +61,6 @@ irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip) return IRQ_HANDLED; } -/* - - */ - static int snd_sb8dsp_midi_input_open(struct snd_rawmidi_substream *substream) { unsigned long flags; @@ -252,10 +250,6 @@ static void snd_sb8dsp_midi_output_trigger(struct snd_rawmidi_substream *substre snd_sb8dsp_midi_output_write(substream); } -/* - - */ - static struct snd_rawmidi_ops snd_sb8dsp_midi_output = { .open = snd_sb8dsp_midi_output_open, |