This patch attempts to fix an issue found in drivers/scsi/scsi_ioctl.c by Coverity.
Error reported:
CID: 3437
Checker: FORWARD_NULL (help)
File: /export2/p4-coverity/mc2/linux26/drivers/scsi/scsi_ioctl.c
Function: scsi_ioctl_send_command
Description: Variable "buf" tracked as NULL was passed to a function that dereferences it.
Patch description:
buf can be NULL if inlen and outlen are both 0. This patch adds check if the
length is non-zero before calling copy from/to user.
Signed-off-by: Jayachandran C. <c.jayachandran at gmail.com>
---
scsi_ioctl.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- linux-2.6.14-rc4-git2.clean/drivers/scsi/scsi_ioctl.c 2005-10-13 11:42:32.000000000 -0700
+++ linux-2.6.14-rc4-git2/drivers/scsi/scsi_ioctl.c 2005-10-26 11:51:50.171230856 -0700
@@ -281,7 +281,7 @@
* Obtain the data to be sent to the device (if any).
*/
- if(copy_from_user(buf, cmd_in + cmdlen, inlen))
+ if(inlen && copy_from_user(buf, cmd_in + cmdlen, inlen))
goto error;
switch (opcode) {
@@ -325,7 +325,7 @@
if (copy_to_user(cmd_in, sense, sb_len))
result = -EFAULT;
} else {
- if (copy_to_user(cmd_in, buf, outlen))
+ if (outlen && copy_to_user(cmd_in, buf, outlen))
result = -EFAULT;
}
-
: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
