summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJesper Juhl <jesper.juhl@gmail.com>2006-06-13 11:58:12 +0200
committerJaroslav Kysela <perex@suse.cz>2006-06-22 21:34:22 +0200
commit63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792 (patch)
tree6768bcbdfba41b7e4a79f5faee5d4f117e076321
parent6540dffa6ecfe0d99fb263548dcc4b35ccefe784 (diff)
downloadlinux-63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792.tar.gz
linux-63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792.tar.bz2
linux-63eb1e4bd2975f1d1102c1f44e4fd6fcd76f7792.zip
[ALSA] fix potential NULL pointer deref in snd_sb8dsp_midi_interrupt()
First testing if a pointer is NULL and if it is (or might be), proceeding with code that dereferences that same pointer is clearly a mistake. This happens in sound/isa/sb/sb8_midi.c::snd_sb8dsp_midi_interrupt() The patch below reworks the code so this unfortunate case doesn't happen. Also remove some blank comments. Found by the Coverity checker as bug #367 Patch is compile testted only due to lack of hardware. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-rw-r--r--sound/isa/sb/sb8_midi.c20
1 files changed, 7 insertions, 13 deletions
diff --git a/sound/isa/sb/sb8_midi.c b/sound/isa/sb/sb8_midi.c
index c549aceea294..0b67edd7ac6e 100644
--- a/sound/isa/sb/sb8_midi.c
+++ b/sound/isa/sb/sb8_midi.c
@@ -32,20 +32,22 @@
#include <sound/core.h>
#include <sound/sb.h>
-/*
-
- */
-irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
+irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb *chip)
{
struct snd_rawmidi *rmidi;
int max = 64;
char byte;
- if (chip == NULL || (rmidi = chip->rmidi) == NULL) {
+ if (!chip)
+ return IRQ_NONE;
+
+ rmidi = chip->rmidi;
+ if (!rmidi) {
inb(SBP(chip, DATA_AVAIL)); /* ack interrupt */
return IRQ_NONE;
}
+
spin_lock(&chip->midi_input_lock);
while (max-- > 0) {
if (inb(SBP(chip, DATA_AVAIL)) & 0x80) {
@@ -59,10 +61,6 @@ irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
return IRQ_HANDLED;
}
-/*
-
- */
-
static int snd_sb8dsp_midi_input_open(struct snd_rawmidi_substream *substream)
{
unsigned long flags;
@@ -252,10 +250,6 @@ static void snd_sb8dsp_midi_output_trigger(struct snd_rawmidi_substream *substre
snd_sb8dsp_midi_output_write(substream);
}
-/*
-
- */
-
static struct snd_rawmidi_ops snd_sb8dsp_midi_output =
{
.open = snd_sb8dsp_midi_output_open,