
Commit 63eb1e4b authored by Jesper Juhl's avatar Jesper Juhl Committed by Jaroslav Kysela

[ALSA] fix potential NULL pointer deref in snd_sb8dsp_midi_interrupt()



First testing if a pointer is NULL and if it is (or might be), proceeding
with code that dereferences that same pointer is clearly a mistake.
This happens in sound/isa/sb/sb8_midi.c::snd_sb8dsp_midi_interrupt()
The patch below reworks the code so this unfortunate case doesn't happen.
Also remove some blank comments.
Found by the Coverity checker as bug #367
Patch is compile tested only due to lack of hardware.

Signed-off-by: default avatarJesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent 6540dffa
+7 −13
@@ -32,9 +32,6 @@
#include <sound/core.h>
#include <sound/sb.h>

/*

 */

irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb *chip)
{
@@ -42,10 +39,15 @@ irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
	int max = 64;
	char byte;

	if (chip == NULL || (rmidi = chip->rmidi) == NULL) {
	if (!chip)
		return IRQ_NONE;
	
	rmidi = chip->rmidi;
	if (!rmidi) {
		inb(SBP(chip, DATA_AVAIL));	/* ack interrupt */
		return IRQ_NONE;
	}

	spin_lock(&chip->midi_input_lock);
	while (max-- > 0) {
		if (inb(SBP(chip, DATA_AVAIL)) & 0x80) {
@@ -59,10 +61,6 @@ irqreturn_t snd_sb8dsp_midi_interrupt(struct snd_sb * chip)
	return IRQ_HANDLED;
}

/*

 */

static int snd_sb8dsp_midi_input_open(struct snd_rawmidi_substream *substream)
{
	unsigned long flags;
@@ -252,10 +250,6 @@ static void snd_sb8dsp_midi_output_trigger(struct snd_rawmidi_substream *substre
		snd_sb8dsp_midi_output_write(substream);
}

/*

 */

static struct snd_rawmidi_ops snd_sb8dsp_midi_output =
{
	.open =		snd_sb8dsp_midi_output_open,
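Review bot: In the `if (!rmidi)` branch of snd_sb8dsp_midi_interrupt() the handler reads `DATA_AVAIL` to acknowledge the interrupt and then still returns `IRQ_NONE`, so an interrupt the card did raise is reported to the IRQ core as not ours. If such interrupts keep arriving while no rawmidi device is attached, they would presumably count toward the kernel's unhandled-interrupt accounting; consider `return IRQ_HANDLED;` there, or keep the value and explain it in a comment. The new `if (!chip)` early return avoids the dereference but leaves the interrupt unacknowledged because the port base is unknown, and a comment such as `/* no chip: cannot reach the port to ack */` would record that this is deliberate. `chip->rmidi` is also read before `midi_input_lock` is taken; whether teardown can race with that read cannot be judged here, since the rest of the function body lies outside the hunk.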