Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/dev/ic Avoid NULL pointer dereference on unexpected erro...
details: https://anonhg.NetBSD.org/src/rev/00e8a93d7907
branches: trunk
changeset: 580580:00e8a93d7907
user: tsutsui <tsutsui%NetBSD.org@localhost>
date: Sat Apr 30 02:18:43 2005 +0000
description:
Avoid NULL pointer dereference on unexpected error cases. (from OpenBSD)
diffstat:
sys/dev/ic/osiop.c | 41 ++++++++++++++++++++++++++++-------------
1 files changed, 28 insertions(+), 13 deletions(-)
diffs (104 lines):
diff -r b29f5fedda87 -r 00e8a93d7907 sys/dev/ic/osiop.c
--- a/sys/dev/ic/osiop.c Fri Apr 29 22:48:25 2005 +0000
+++ b/sys/dev/ic/osiop.c Sat Apr 30 02:18:43 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: osiop.c,v 1.23 2005/02/27 00:27:02 perry Exp $ */
+/* $NetBSD: osiop.c,v 1.24 2005/04/30 02:18:43 tsutsui Exp $ */
/*
* Copyright (c) 2001 Izumi Tsutsui. All rights reserved.
@@ -100,7 +100,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: osiop.c,v 1.23 2005/02/27 00:27:02 perry Exp $");
+__KERNEL_RCSID(0, "$NetBSD: osiop.c,v 1.24 2005/04/30 02:18:43 tsutsui Exp $");
/* #define OSIOP_DEBUG */
@@ -1130,6 +1130,12 @@
if (dstat & OSIOP_DSTAT_SIR && intcode == A_ok) {
/* Normal completion status, or check condition */
struct osiop_tinfo *ti;
+
+ if (acb == NULL) {
+ printf("%s: COMPLETE with no active command?\n",
+ sc->sc_dev.dv_xname);
+ goto bad_phase;
+ }
#ifdef OSIOP_DEBUG
if (osiop_read_4(sc, OSIOP_DSA) !=
dsdma->dm_segs[0].ds_addr + acb->dsoffset) {
@@ -1175,6 +1181,11 @@
return (1);
}
if (dstat & OSIOP_DSTAT_SIR && intcode == A_int_syncmsg) {
+ if (acb == NULL) {
+ printf("%s: sync message with no active command?\n",
+ sc->sc_dev.dv_xname);
+ goto bad_phase;
+ }
target = acb->xs->xs_periph->periph_target;
if (ds->msgbuf[1] == MSG_EXTENDED &&
ds->msgbuf[2] == MSG_EXT_SDTR_LEN &&
@@ -1218,10 +1229,12 @@
/* Phase mismatch */
#ifdef OSIOP_DEBUG
osiopphmm++;
- if (acb == NULL)
+#endif
+ if (acb == NULL) {
printf("%s: Phase mismatch with no active command?\n",
sc->sc_dev.dv_xname);
-#endif
+ goto bad_phase;
+ }
if (acb->datalen > 0) {
int adjust = (dfifo - (dbc & 0x7f)) & 0x7f;
if (sstat1 & OSIOP_SSTAT1_ORF)
@@ -1290,10 +1303,12 @@
}
if (sstat0 & OSIOP_SSTAT0_STO) {
/* Select timed out */
-#ifdef OSIOP_DEBUG
- if (acb == NULL)
+ if (acb == NULL) {
printf("%s: Select timeout with no active command?\n",
sc->sc_dev.dv_xname);
+ goto bad_phase;
+ }
+#ifdef OSIOP_DEBUG
if (osiop_read_1(sc, OSIOP_SBCL) & OSIOP_BSY) {
printf("ACK! osiop was busy at timeout: "
"script %p dsa %lx\n", sc->sc_script,
@@ -1336,13 +1351,11 @@
else
target = sc->sc_id;
if (sstat0 & OSIOP_SSTAT0_UDC) {
-#ifdef OSIOP_DEBUG
+ printf("%s: target %d disconnected unexpectedly",
+ sc->sc_dev.dv_xname, target);
if (acb == NULL)
- printf("%s: Unexpected disconnect "
- "with no active command?\n", sc->sc_dev.dv_xname);
- printf("%s: target %d disconnected unexpectedly\n",
- sc->sc_dev.dv_xname, target);
-#endif
+ printf("with no active command?");
+ printf("\n");
#if 0
osiop_abort(sc, "osiop_chkintr");
#endif
@@ -1603,9 +1616,11 @@
}
if (dstat & OSIOP_DSTAT_SIR && intcode == A_int_msgin) {
/* Unrecognized message in byte */
- if (acb == NULL)
+ if (acb == NULL) {
printf("%s: Bad message-in with no active command?\n",
sc->sc_dev.dv_xname);
+ goto bad_phase;
+ }
printf("%s: Unrecognized message in data "
"sfbr %x msg %x sbcl %x\n", sc->sc_dev.dv_xname,
osiop_read_1(sc, OSIOP_SFBR), ds->msgbuf[1],
Home |
Main Index |
Thread Index |
Old Index