On Mon, Nov 17, 2008 at 07:09:40AM +0000, Philip Paeps wrote: > Author: philip > Date: Mon Nov 17 07:09:40 2008 > New Revision: 185021 > URL: http://svn.freebsd.org/changeset/base/185021 > > Log: > Fix two possible (but unlikely) NULL-pointer dereferences in glxsb(4). > > Spotted by: Coverity > MFC after: 1 week > > Modified: > head/sys/dev/glxsb/glxsb.c > > Modified: head/sys/dev/glxsb/glxsb.c > ============================================================================== > --- head/sys/dev/glxsb/glxsb.c Mon Nov 17 07:03:05 2008 > (r185020) > +++ head/sys/dev/glxsb/glxsb.c Mon Nov 17 07:09:40 2008 > (r185021) > @@ -358,7 +358,8 @@ glxsb_detach(device_t dev) > return (EBUSY); > } > } > - while ((ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL) { > + while (!TAILQ_EMPTY(&sc->sc_sessions)) { > + ses = TAILQ_FIRST(&sc->sc_sessions);
This is perfectly valid, and if it was reported by coverity, it is a false positive. > TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); > free(ses, M_GLXSB); > } > @@ -867,8 +868,11 @@ glxsb_crypto_process(device_t dev, struc > > enccrd = maccrd = NULL; > > - if (crp == NULL || > - crp->crp_callback == NULL || crp->crp_desc == NULL) { > + /* Sanity check. */ > + if (crp == NULL) > + return (EINVAL); > + > + if (crp->crp_callback == NULL || crp->crp_desc == NULL) { > error = EINVAL; > goto fail; > } This one is ok. The same one exists in padlock(4), could you fix it too? -- Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am!
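Review bot: in the glxsb_detach() hunk (@@ -358), the removed condition `(ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL` already ended the loop before ses reached TAILQ_REMOVE() or free(), and TAILQ_EMPTY() tests the same head pointer that TAILQ_FIRST() returns, so the old and new loops behave identically. If the rewrite is kept only to quiet the analyzer, the log should say that instead of counting this loop as a NULL-pointer dereference fix; otherwise the original one-line idiom can stay.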
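Review bot: in the glxsb_crypto_process() hunk (@@ -867), the new `/* Sanity check. */` comment does not say why `crp == NULL` now returns EINVAL directly while the crp_callback and crp_desc checks still set error and `goto fail`. If the reason is that the fail path uses crp, state that in the comment so the two checks are not merged back into one condition later, and confirm that nothing the fail path cleans up is skipped by the early return.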