BUG null dereference in drivers/message/fusion/mptscsih.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

	KERNEL_VERSION: 2.6.32
	SUBJECT: null dereference in function mptscsih_qcmd
	DESCRIBE:
	In ./drivers/ata/sata_mv.c in function mptscsih_qcmd 

Null dereference in line 1371 of vdevice (vdevice->vtarget->id).
We assume that it may be null, because we check it in line 1361 in the if 
statement. (if vdevice is null we goto to the else part in line 1366)

1300 int
1301 mptscsih_qcmd(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_cmnd *))
1302 {
...
1361         if (vdevice
1362             && (vdevice->vtarget->tflags & MPT_TARGET_FLAGS_Q_YES)
1363             && (SCpnt->device->tagged_supported)) {
1364                 scsictl = scsidir | MPI_SCSIIO_CONTROL_SIMPLEQ;
1365         } else {
1366                 scsictl = scsidir | MPI_SCSIIO_CONTROL_UNTAGGED;
1367         }
1368
1369         /* Use the above information to set up the message frame
1370          */
1371         pScsiReq->TargetID = (u8) vdevice->vtarget->id;
1372         pScsiReq->Bus = vdevice->vtarget->channel;
...
}

Found by Linux Device Drivers Verification Project (Svace Detector)
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux