Message ID | 20231101133544.246961-1-renmingshuai@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Series | tty: hso: Fix potential null pointer dereference |
On Wed, Nov 01, 2023 at 09:35:44PM +0800, Ren Mingshuai wrote:
> Generally, the old always points to the address of a ktermios structure,
> so old is unlikely to be NULL. Still check it before dereference as
> elsewhere.

If it can not happen, there is no need to check it. So unless you can
prove that this ever could happen, this change isn't needed, right?

thanks,

greg k-h
>> Generally, the old always points to the address of a ktermios structure,
>> so old is unlikely to be NULL. Still check it before dereference as
>> elsewhere.
>
>If it can not happen, there is no need to check it. So unless you can
>prove that this ever could happen, this change isn't needed, right?
>
>thanks,
>
>greg k-h

Thanks for the reply. I agree with you. The reason for checking old there is that it is checked at the beginning in hso_serial_set_termios(). It is better to check it both or not, right?

Delete it to avoid smatch complaints.

drivers/net/usb/hso.c:1399 hso_serial_set_termios() error: we previously assumed 'old' could be null (see line 1389).

diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index 4ad829ab54d3..383ff8b04473 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -1386,10 +1386,9 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct hso_serial *serial = tty->driver_data; unsigned long flags; - if (old) - hso_dbg(0x16, "Termios called with: cflags new[%u] - old[%u]\n", - (unsigned int)tty->termios.c_cflag, - (unsigned int)old->c_cflag); + hso_dbg(0x16, "Termios called with: cflags new[%u] - old[%u]\n", + (unsigned int)tty->termios.c_cflag, + (unsigned int)old->c_cflag); /* the actual setup */ spin_lock_irqsave(&serial->serial_lock, flags);
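Review bot: the index line gives 4ad829ab54d3 as the pre-image, which is the post-image of the earlier patch in this thread, so this hunk applies on top of the `if (old)` that patch added before `tty->termios = *old;`. The result dereferences `old->c_cflag` unconditionally in hso_dbg() at the top of the function and then tests `old` further down, which is the same "check it in one place but not the other" inconsistency the reply sets out to remove. Regenerate the diff against the tree without the earlier patch, and send it as a proper v2 with a changelog and Signed-off-by. The changelog should say why callers never pass a NULL `old`, rather than citing only the smatch warning.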
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index ce1f6081d582..4ad829ab54d3 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -1396,7 +1396,8 @@ static void hso_serial_set_termios(struct tty_struct *tty, if (serial->port.count) _hso_serial_set_termios(tty); else - tty->termios = *old; + if (old) + tty->termios = *old; spin_unlock_irqrestore(&serial->serial_lock, flags); /* done */
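Review bot: the added `if (old)` sits on its own line under a brace-less `else`, so the branch is effectively an `else if` with misleading indentation; write it as `else if (old)` on one line. With this check, `tty->termios` is silently left unchanged when `serial->port.count` is zero and `old` is NULL, and the commit message names no caller that can pass NULL. State the call path or the static-analysis warning that motivates the check, and whether skipping the restore is the intended behaviour in that case.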
Generally, the old always points to the address of a ktermios structure,
so old is unlikely to be NULL. Still check it before dereference as
elsewhere.

Signed-off-by: Ren Mingshuai <renmingshuai@huawei.com>
---
 drivers/net/usb/hso.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)