Julia Lawall | 12 Jul 22:06 2009
Picon

[PATCH 5/5] net/irda: Drop unnecessary NULL test

From: Julia Lawall <julia <at> diku.dk>

The result of container_of should not be NULL.  In particular, in this case
the argument to the enclosing function has passed though INIT_WORK, which
dereferences it, implying that its container cannot be NULL.

A simplified version of the semantic patch that makes this change is as
follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
 <at>  <at> 
identifier fn,work,x,fld;
type T;
expression E1,E2;
statement S;
 <at>  <at> 

static fn(struct work_struct *work) {
  ... when != work = E1
  x = container_of(work,T,fld)
  ... when != x = E2
- if (x == NULL) S
  ...
}
// </smpl>

Signed-off-by: Julia Lawall <julia <at> diku.dk>

---
(Continue reading)

Julia Lawall | 13 Jul 12:10 2009
Picon

[PATCH 2/2] net/irda/ircomm: Drop unnecessary NULL test

From: Julia Lawall <julia <at> diku.dk>

The result of container_of should not be NULL.  In particular, in this case
the argument to the enclosing function has passed though INIT_WORK,
which dereferences it, implying that its container cannot be NULL.

The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
 <at>  <at> 
expression x,e;
 <at>  <at> 

x = container_of(...)
... when != x = e
* x == NULL
// </smpl>

Signed-off-by: Julia Lawall <julia <at> diku.dk>

---
 net/irda/ircomm/ircomm_tty.c        |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
index 811984d..6306c19 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
 <at>  <at>  -609,7 +609,7  <at>  <at>  static void ircomm_tty_do_softint(struct work_struct *work)
(Continue reading)

Roel Kluin | 25 Jul 23:52 2009
Picon

[PATCH] irda: Read buffer overflow

io[i] is read before the bounds check on i, order should be reversed.

Signed-off-by: Roel Kluin <roel.kluin@...>
---
diff --git a/drivers/net/irda/w83977af_ir.c b/drivers/net/irda/w83977af_ir.c
index d088383..fe4f2b2 100644
--- a/drivers/net/irda/w83977af_ir.c
+++ b/drivers/net/irda/w83977af_ir.c
 <at>  <at>  -115,7 +115,7  <at>  <at>  static int __init w83977af_init(void)

 	IRDA_DEBUG(0, "%s()
", __func__ );

-	for (i=0; (io[i] < 2000) && (i < ARRAY_SIZE(dev_self)); i++) {
+	for (i=0; i < ARRAY_SIZE(dev_self) && io[i] < 2000; i++) {
 		if (w83977af_open(i, io[i], irq[i], dma[i]) == 0)
 			return 0;
 	}

------------------------------------------------------------------------------
Roel Kluin | 31 Jul 16:37 2009
Picon

[PATCH] drivers/net: Read buffer overflow

Check whether index is within bounds before testing the element.

Signed-off-by: Roel Kluin <roel.kluin@...>
---
Although the sizes may be the same, I think checking the ARRAY_SIZE of
io is nicer, or is there a reason why dev_self is used for that?

diff --git a/drivers/net/irda/w83977af_ir.c b/drivers/net/irda/w83977af_ir.c
index d088383..b45ea3b 100644
--- a/drivers/net/irda/w83977af_ir.c
+++ b/drivers/net/irda/w83977af_ir.c
 <at>  <at>  -115,7 +115,7  <at>  <at>  static int __init w83977af_init(void)

 	IRDA_DEBUG(0, "%s()\n", __func__ );

-	for (i=0; (io[i] < 2000) && (i < ARRAY_SIZE(dev_self)); i++) {
+	for (i=0; i < ARRAY_SIZE(io) && io[i] < 2000; i++) {
 		if (w83977af_open(i, io[i], irq[i], dma[i]) == 0)
 			return 0;
 	}

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

Gmane