* [PATCH 1/1] Input: cyttsp - Fix check after pointer dereferencing
@ 2012-02-15 10:42 Javier Martinez Canillas
2012-02-23 12:33 ` Javier Martinez Canillas
2012-03-04 15:41 ` Dmitry Torokhov
0 siblings, 2 replies; 4+ messages in thread
From: Javier Martinez Canillas @ 2012-02-15 10:42 UTC (permalink / raw
To: Dmitry Torokhov
Cc: Henrik Rydberg, Dan Carpenter, linux-input,
Javier Martinez Canillas
From: Javier Martinez Canillas <martinez.javier@dowhile0.org>
In the cyttsp_probe() function the struct device *dev pointer was
dereferenced before checking if it was NULL.
Now dev is never NULL since both I2C and SPI bus drivers pass a pointer to a
member of an previously allocated structure. But others bus drivers can do
it differently so is better to sanity check instead of trust in the callers.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Javier Martinez Canillas <javier@dowhile0.org>
---
drivers/input/touchscreen/cyttsp_core.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/input/touchscreen/cyttsp_core.c b/drivers/input/touchscreen/cyttsp_core.c
index 8be2247..071e5ae8 100644
--- a/drivers/input/touchscreen/cyttsp_core.c
+++ b/drivers/input/touchscreen/cyttsp_core.c
@@ -518,12 +518,19 @@ static void cyttsp_close(struct input_dev *dev)
struct cyttsp *cyttsp_probe(const struct cyttsp_bus_ops *bus_ops,
struct device *dev, int irq, size_t xfer_buf_size)
{
- const struct cyttsp_platform_data *pdata = dev->platform_data;
+ const struct cyttsp_platform_data *pdata;
struct cyttsp *ts;
struct input_dev *input_dev;
int error;
- if (!dev || !bus_ops || !pdata || !pdata->name || irq <= 0) {
+ if (!dev || !bus_ops || !dev->platform_data || irq <= 0) {
+ error = -EINVAL;
+ goto err_out;
+ }
+
+ pdata = dev->platform_data;
+
+ if (!pdata->name) {
error = -EINVAL;
goto err_out;
}
--
1.7.7.6
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] Input: cyttsp - Fix check after pointer dereferencing
2012-02-15 10:42 [PATCH 1/1] Input: cyttsp - Fix check after pointer dereferencing Javier Martinez Canillas
@ 2012-02-23 12:33 ` Javier Martinez Canillas
2012-03-04 15:41 ` Dmitry Torokhov
1 sibling, 0 replies; 4+ messages in thread
From: Javier Martinez Canillas @ 2012-02-23 12:33 UTC (permalink / raw
To: Dmitry Torokhov; +Cc: Henrik Rydberg, Dan Carpenter, linux-input
On Wed, Feb 15, 2012 at 11:42 AM, Javier Martinez Canillas
<javier@dowhile0.org> wrote:
> From: Javier Martinez Canillas <martinez.javier@dowhile0.org>
>
> In the cyttsp_probe() function the struct device *dev pointer was
> dereferenced before checking if it was NULL.
>
> Now dev is never NULL since both I2C and SPI bus drivers pass a pointer to a
> member of an previously allocated structure. But others bus drivers can do
> it differently so is better to sanity check instead of trust in the callers.
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Javier Martinez Canillas <javier@dowhile0.org>
> ---
> drivers/input/touchscreen/cyttsp_core.c | 11 +++++++++--
> 1 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/input/touchscreen/cyttsp_core.c b/drivers/input/touchscreen/cyttsp_core.c
> index 8be2247..071e5ae8 100644
> --- a/drivers/input/touchscreen/cyttsp_core.c
> +++ b/drivers/input/touchscreen/cyttsp_core.c
> @@ -518,12 +518,19 @@ static void cyttsp_close(struct input_dev *dev)
> struct cyttsp *cyttsp_probe(const struct cyttsp_bus_ops *bus_ops,
> struct device *dev, int irq, size_t xfer_buf_size)
> {
> - const struct cyttsp_platform_data *pdata = dev->platform_data;
> + const struct cyttsp_platform_data *pdata;
> struct cyttsp *ts;
> struct input_dev *input_dev;
> int error;
>
> - if (!dev || !bus_ops || !pdata || !pdata->name || irq <= 0) {
> + if (!dev || !bus_ops || !dev->platform_data || irq <= 0) {
> + error = -EINVAL;
> + goto err_out;
> + }
> +
> + pdata = dev->platform_data;
> +
> + if (!pdata->name) {
> error = -EINVAL;
> goto err_out;
> }
> --
> 1.7.7.6
>
Hello,
Any feedback on this?
Is not a bug with today cyttsp driver since both I2C and SPI transport
drivers can't pass a NULL pointer, but I think Dan is right that is
better to sanity check since others transport drivers can be added in
the future.
Or this check is being to paranoiac?
Regards,
Javier
--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] Input: cyttsp - Fix check after pointer dereferencing
2012-02-15 10:42 [PATCH 1/1] Input: cyttsp - Fix check after pointer dereferencing Javier Martinez Canillas
2012-02-23 12:33 ` Javier Martinez Canillas
@ 2012-03-04 15:41 ` Dmitry Torokhov
2012-03-05 7:26 ` Javier Martinez Canillas
1 sibling, 1 reply; 4+ messages in thread
From: Dmitry Torokhov @ 2012-03-04 15:41 UTC (permalink / raw
Cc: Henrik Rydberg, Dan Carpenter, linux-input,
Javier Martinez Canillas
Hi Javier,
On Wed, Feb 15, 2012 at 11:42:52AM +0100, Javier Martinez Canillas wrote:
> From: Javier Martinez Canillas <martinez.javier@dowhile0.org>
>
> In the cyttsp_probe() function the struct device *dev pointer was
> dereferenced before checking if it was NULL.
>
> Now dev is never NULL since both I2C and SPI bus drivers pass a pointer to a
> member of an previously allocated structure. But others bus drivers can do
> it differently so is better to sanity check instead of trust in the callers.
>
I already have a patch that simply removes the checks ofr dev and
bus_ops - cyttsp_probe is only called by bus-specific code and they are
not coming form platform data so there is no chance they will be NULL.
And anyone writing a new bus intefcae will get a nice oops first time
they try loading the module so they'll see the problem right away too.
Thanks.
--
Dmitry
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] Input: cyttsp - Fix check after pointer dereferencing
2012-03-04 15:41 ` Dmitry Torokhov
@ 2012-03-05 7:26 ` Javier Martinez Canillas
0 siblings, 0 replies; 4+ messages in thread
From: Javier Martinez Canillas @ 2012-03-05 7:26 UTC (permalink / raw
To: Dmitry Torokhov
Cc: Henrik Rydberg, Dan Carpenter, linux-input,
Javier Martinez Canillas
On Sun, Mar 4, 2012 at 4:41 PM, Dmitry Torokhov
<dmitry.torokhov@gmail.com> wrote:
> Hi Javier,
>
> On Wed, Feb 15, 2012 at 11:42:52AM +0100, Javier Martinez Canillas wrote:
>> From: Javier Martinez Canillas <martinez.javier@dowhile0.org>
>>
>> In the cyttsp_probe() function the struct device *dev pointer was
>> dereferenced before checking if it was NULL.
>>
>> Now dev is never NULL since both I2C and SPI bus drivers pass a pointer to a
>> member of an previously allocated structure. But others bus drivers can do
>> it differently so is better to sanity check instead of trust in the callers.
>>
>
> I already have a patch that simply removes the checks ofr dev and
> bus_ops - cyttsp_probe is only called by bus-specific code and they are
> not coming form platform data so there is no chance they will be NULL.
> And anyone writing a new bus intefcae will get a nice oops first time
> they try loading the module so they'll see the problem right away too.
>
> Thanks.
>
> --
> Dmitry
Yes, I agree with you. Since cyttsp_probe is only called by bus
specific code, removing the checks is better.
Thanks and best regards,
Javier
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2012-03-05 7:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-02-15 10:42 [PATCH 1/1] Input: cyttsp - Fix check after pointer dereferencing Javier Martinez Canillas
2012-02-23 12:33 ` Javier Martinez Canillas
2012-03-04 15:41 ` Dmitry Torokhov
2012-03-05 7:26 ` Javier Martinez Canillas
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.