https://bugzilla.kernel.org/show_bug.cgi?id=49241 Summary: Unsafe dereference of pointer after allocing memory Product: SCSI Drivers Version: 2.5 Kernel Version: 3.0.47 Platform: All OS/Version: Linux Tree: Mainline Status: NEW Severity: normal Priority: P1 Component: Other AssignedTo: scsi_drivers-other@xxxxxxxxxxxxxxxxxxxx ReportedBy: yangyeping_666@xxxxxxxxxxx CC: linux-scsi@xxxxxxxxxxxxxxx Regression: No Vulnerability kind: Null-pointer dereference The file path containing this vulnerability: drivers/scsi/mac_scsi.c Line number: 290 Severity: medium Code fragment (from line 270 to line 290): instance = scsi_register (tpnt, sizeof(struct NCR5380_hostdata)); #if NDEBUG default_instance = instance; #endif if (macintosh_config->ident == MAC_MODEL_IIFX) { mac_scsi_regp = via1+0x8000; mac_scsi_drq = via1+0xE000; mac_scsi_nodrq = via1+0xC000; /* The IIFX should be able to do true DMA, but pseudo-dma doesn't work */ flags = FLAG_NO_PSEUDO_DMA; } else { mac_scsi_regp = via1+0x10000; mac_scsi_drq = via1+0x6000; mac_scsi_nodrq = via1+0x12000; } if (! setup_use_pdma) flags = FLAG_NO_PSEUDO_DMA; instance->io_port = (unsigned long) mac_scsi_regp; Description: The variable "instance" is defined at line 270 via function "scsi_register" but is not sanity-checked.Then it is dereferenced at line 290. -- Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. You are watching the assignee of the bug. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
