MFC

- rev 1.31 of maestro.c - rev 1.93 of dsp.c Both fix potential NULL pointer dereferencing. Found with: Coverity Prevent(tm) Approved by: re (kensmith)
2006-02-04 11:58:28 +00:00 · 2006-02-04 11:58:28 +00:00 · f8325a658c
commit f8325a658c
parent 3d8ebe26d4
2 changed files with 69 additions and 36 deletions
--- a/sys/dev/sound/pci/maestro.c
+++ b/sys/dev/sound/pci/maestro.c
@ -1928,18 +1928,19 @@ agg_attach(device_t dev)
 		bus_release_resource(dev, SYS_RES_IRQ, irqid, irq);
 	if (reg != NULL)
 		bus_release_resource(dev, SYS_RES_IOPORT, regid, reg);
-	if (ess->stat != NULL)
+	if (ess != NULL) {
-		dma_free(ess->stat_dmat, ess->stat);
+		if (ess->stat != NULL)
-	if (ess->stat_dmat != NULL)
+			dma_free(ess->stat_dmat, ess->stat);
-		bus_dma_tag_destroy(ess->stat_dmat);
+		if (ess->stat_dmat != NULL)
-	if (ess->buf_dmat != NULL)
+			bus_dma_tag_destroy(ess->stat_dmat);
-		bus_dma_tag_destroy(ess->buf_dmat);
+		if (ess->buf_dmat != NULL)
 			bus_dma_tag_destroy(ess->buf_dmat);
 #ifdef USING_MUTEX
-	if (mtx_initialized(&ess->lock))
+		if (mtx_initialized(&ess->lock))
-		mtx_destroy(&ess->lock);
+			mtx_destroy(&ess->lock);
 #endif
 	if (ess != NULL)
 		free(ess, M_DEVBUF);
 	}
 	return ret;
 }
--- a/sys/dev/sound/pcm/dsp.c
+++ b/sys/dev/sound/pcm/dsp.c
@ -470,13 +470,18 @@ dsp_ioctl(struct cdev *i_dev, u_long cmd, caddr_t arg, int mode, struct thread *
     	 * we start with the new ioctl interface.
     	 */
    	case AIONWRITE:	/* how many bytes can write ? */
-		CHN_LOCK(wrch);
+		if (wrch) {
 			CHN_LOCK(wrch);
 /*
 		if (wrch && wrch->bufhard.dl)
 			while (chn_wrfeed(wrch) == 0);
 */
-		*arg_i = wrch? sndbuf_getfree(wrch->bufsoft) : 0;
+			*arg_i = sndbuf_getfree(wrch->bufsoft);
-		CHN_UNLOCK(wrch);
+			CHN_UNLOCK(wrch);
 		} else {
 			*arg_i = 0;
 			ret = EINVAL;
 		}
 		break;
    	case AIOSSIZE:     /* set the current blocksize */
@ -623,8 +628,10 @@ dsp_ioctl(struct cdev *i_dev, u_long cmd, caddr_t arg, int mode, struct thread *
 */
 			*arg_i = sndbuf_getready(rdch->bufsoft);
 			CHN_UNLOCK(rdch);
-		} else
+		} else {
 			*arg_i = 0;
 			ret = EINVAL;
 		}
 		break;
    	case FIOASYNC: /*set/clear async i/o */
@ -658,9 +665,14 @@ dsp_ioctl(struct cdev *i_dev, u_long cmd, caddr_t arg, int mode, struct thread *
    	case THE_REAL_SNDCTL_DSP_GETBLKSIZE:
    	case SNDCTL_DSP_GETBLKSIZE:
 		chn = wrch ? wrch : rdch;
-		CHN_LOCK(chn);
+		if (chn) {
-		*arg_i = sndbuf_getblksz(chn->bufsoft);
+			CHN_LOCK(chn);
-		CHN_UNLOCK(chn);
+			*arg_i = sndbuf_getblksz(chn->bufsoft);
 			CHN_UNLOCK(chn);
 		} else {
 			*arg_i = 0;
 			ret = EINVAL;
 		}
 		break ;
    	case SNDCTL_DSP_SETBLKSIZE:
@ -724,9 +736,14 @@ dsp_ioctl(struct cdev *i_dev, u_long cmd, caddr_t arg, int mode, struct thread *
    	case SOUND_PCM_READ_RATE:
 		chn = wrch ? wrch : rdch;
-		CHN_LOCK(chn);
+		if (chn) {
-		*arg_i = chn->speed;
+			CHN_LOCK(chn);
-		CHN_UNLOCK(chn);
+			*arg_i = chn->speed;
 			CHN_UNLOCK(chn);
 		} else {
 			*arg_i = 0;
 			ret = EINVAL;
 		}
 		break;
    	case SNDCTL_DSP_STEREO:
@ -777,16 +794,26 @@ dsp_ioctl(struct cdev *i_dev, u_long cmd, caddr_t arg, int mode, struct thread *
    	case SOUND_PCM_READ_CHANNELS:
 		chn = wrch ? wrch : rdch;
-		CHN_LOCK(chn);
+		if (chn) {
-		*arg_i = (chn->format & AFMT_STEREO) ? 2 : 1;
+			CHN_LOCK(chn);
-		CHN_UNLOCK(chn);
+			*arg_i = (chn->format & AFMT_STEREO) ? 2 : 1;
 			CHN_UNLOCK(chn);
 		} else {
 			*arg_i = 0;
 			ret = EINVAL;
 		}
 		break;
    	case SNDCTL_DSP_GETFMTS:	/* returns a mask of supported fmts */
 		chn = wrch ? wrch : rdch;
-		CHN_LOCK(chn);
+		if (chn) {
-		*arg_i = chn_getformats(chn);
+			CHN_LOCK(chn);
-		CHN_UNLOCK(chn);
+			*arg_i = chn_getformats(chn);
 			CHN_UNLOCK(chn);
 		} else {
 			*arg_i = 0;
 			ret = EINVAL;
 		}
 		break ;
    	case SNDCTL_DSP_SETFMT:	/* sets _one_ format */
@ -942,18 +969,23 @@ dsp_ioctl(struct cdev *i_dev, u_long cmd, caddr_t arg, int mode, struct thread *
    	case SOUND_PCM_READ_BITS:
 		chn = wrch ? wrch : rdch;
-		CHN_LOCK(chn);
+		if (chn) {
-		if (chn->format & AFMT_8BIT)
+			CHN_LOCK(chn);
-        		*arg_i = 8;
+			if (chn->format & AFMT_8BIT)
-		else if (chn->format & AFMT_16BIT)
+				*arg_i = 8;
-        		*arg_i = 16;
+			else if (chn->format & AFMT_16BIT)
-		else if (chn->format & AFMT_24BIT)
+				*arg_i = 16;
-        		*arg_i = 24;
+			else if (chn->format & AFMT_24BIT)
-		else if (chn->format & AFMT_32BIT)
+				*arg_i = 24;
-        		*arg_i = 32;
+			else if (chn->format & AFMT_32BIT)
-		else
+				*arg_i = 32;
 			else
 				ret = EINVAL;
 			CHN_UNLOCK(chn);
 		} else {
 			*arg_i = 0;
 			ret = EINVAL;
-		CHN_UNLOCK(chn);
+		}
 		break;
    	case SNDCTL_DSP_SETTRIGGER: