On Friday, December 06, 2013 3:34 AM, Ian Abbott wrote:
> On 2013-12-05 20:43, H Hartley Sweeten wrote:
[snip]
>> + irq = mite_irq(devpriv->mite);
>> + if (irq) {
>> + ret = request_irq(irq, nidio_interrupt, IRQF_SHARED,
>> + dev->board_name, dev);
>> + if (ret == 0)
>> + dev->irq = irq;
>> + }
>> +
>> ret = comedi_alloc_subdevices(dev, 1);
>
> Unfortunately, the interrupt handler `nidio_interrupt()` still
> dereferences the subdevice pointer before it tests `dev->attached`:
>
> struct comedi_subdevice *s = dev->read_subdev;
> struct comedi_async *async = s->async;
> /* ... */
> if (!dev->attached) {
> return IRQ_NONE;
> }
>
> so this can still fail if `dev->read_subdev` hasn't been set yet.
I just posted a v3 of this patch to fix the possible dereference of 's'.
Thanks,
Hartley
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
