[coreboot] NULL pointer dereference in search_bus_device()

Myles Watson mylesgw at gmail.com
Mon Jan 10 14:29:35 CET 2011


On Mon, Jan 10, 2011 at 6:27 AM, Sven Schnelle <svens at stackframe.org> wrote:
> "Myles Watson" <mylesgw at gmail.com> writes:
>
>>> diff --git a/src/devices/device_util.c b/src/devices/device_util.c
>>> index 9081a36..d761cba 100644
>>> --- a/src/devices/device_util.c
>>> +++ b/src/devices/device_util.c
>>> @@ -583,8 +583,9 @@ void search_bus_resources(struct bus *bus, unsigned
>>> long type_mask,
>>>                                      if (subbus->link_num
>>>                                      ==
>> IOINDEX_SUBTRACTIVE_LINK(res->index))
>>>                                              break;
>>> -                            search_bus_resources(subbus, type_mask,
>> type,
>>> -                                                 search, gp);
>>> +                            if (subbus)
>>> +                                    search_bus_resources(subbus,
>> type_mask,
>>> type,
>>> +                                                            search, gp);
>>>                              continue;
>>>                      }
>>>                      search(gp, curdev, res);
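Review bot: the added "if (subbus)" guard turns the NULL dereference into a silent skip, which hides the underlying device-tree problem, namely a subtractive resource whose IOINDEX_SUBTRACTIVE_LINK(res->index) matches none of the device's links. Add an else branch before the "continue;" that logs the device and res->index at warning level (printk in coreboot), so the misconfiguration shows up in the boot log instead of that subtree simply not being walked. A one-line comment above the guard noting that subbus is NULL exactly when the preceding for loop found no matching link would also help, since the hunk's context does not show the loop header.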
>>
>> If subbus is NULL, then accessing subbus->link_num is also a problem.
>
> That doesn't happen, because the if (subbus... is in the for loop, which
> checks for NULL. The search_bus_resources() is always called outside the
> for loop.
You're right.  I should have looked at the code first, instead of just
the patch.  There wasn't enough context.

If there is no bus there, maybe the resource shouldn't be subtractive.
Maybe we should print a message when that happens so that we can fix
the problem.

Thanks,
Myles
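A constructed C model of the lookup discussed in this thread, added here as an example; it is not coreboot's code. The struct layouts, the IORESOURCE_* flag values, the IOINDEX_SUBTRACTIVE encoding, the warning text and the demo_search() helper are all simplifications assumed for the example. It builds a small device tree in which one bridge's subtractive resource names a link that exists and another's names a link that does not, then runs a search that guards the NULL subbus (as the patch does) and additionally reports the dangling resource, as suggested above, instead of skipping it silently.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed, simplified stand-ins for coreboot's device-tree types and
 * index encoding; the real definitions in coreboot differ. */
#define IORESOURCE_SUBTRACTIVE 0x01u                              /* assumed flag bit */
#define IORESOURCE_IO          0x10u                              /* assumed flag bit */
#define IORESOURCE_MEM         0x20u                              /* assumed flag bit */
#define IOINDEX_SUBTRACTIVE(idx, link)  (((idx) << 8) | (link))  /* assumed encoding */
#define IOINDEX_SUBTRACTIVE_LINK(index) ((index) & 0xffu)        /* assumed encoding */
#define MAX_RES      4
#define MAX_LINKS    4
#define MAX_CHILDREN 4

struct resource {
	unsigned int flags;
	unsigned int index;
};

struct bus;

struct device {
	const char *name;
	struct resource res[MAX_RES];
	int num_res;
	struct bus *link_list[MAX_LINKS];   /* buses this device bridges to */
	int num_links;
};

struct bus {
	unsigned int link_num;
	struct device *children[MAX_CHILDREN];
	int num_children;
};

typedef void (*resource_search_t)(void *gp, struct device *dev, struct resource *res);

/* The lookup the quoted context lines perform: scan the device's links for the
 * one named by the subtractive resource. Returns NULL when none matches. */
static struct bus *find_subtractive_link(struct device *dev, struct resource *res)
{
	for (int i = 0; i < dev->num_links; i++)
		if (dev->link_list[i]->link_num == IOINDEX_SUBTRACTIVE_LINK(res->index))
			return dev->link_list[i];
	return NULL;
}

/* Walk every matching resource on the bus; recurse through a subtractive
 * resource only when its bus exists, and report the ones that point nowhere.
 * Returns the number of dangling subtractive resources found. */
static int search_bus_resources(struct bus *bus, unsigned int type_mask, unsigned int type,
				resource_search_t search, void *gp)
{
	int dangling = 0;

	for (int c = 0; c < bus->num_children; c++) {
		struct device *curdev = bus->children[c];
		for (int r = 0; r < curdev->num_res; r++) {
			struct resource *res = &curdev->res[r];
			if ((res->flags & type_mask) != type)
				continue;
			if (res->flags & IORESOURCE_SUBTRACTIVE) {
				struct bus *subbus = find_subtractive_link(curdev, res);
				if (subbus) {
					dangling += search_bus_resources(subbus, type_mask, type, search, gp);
				} else {
					/* The case the patch guards: say so rather than skipping silently. */
					printf("WARNING: %s: subtractive resource 0x%x names link %u, but no such bus\n",
					       curdev->name, res->index, IOINDEX_SUBTRACTIVE_LINK(res->index));
					dangling++;
				}
				continue;
			}
			search(gp, curdev, res);
		}
	}
	return dangling;
}

struct count_ctx { int visited; };

static void count_resource(void *gp, struct device *dev, struct resource *res)
{
	(void)dev; (void)res;
	((struct count_ctx *)gp)->visited++;
}

/* Constructed tree: bridge_ok's subtractive resource names link 0, which it has;
 * bridge_bad's names link 1, which it does not. Returns the dangling count and
 * stores how many plain resources the callback saw in *visited_out. */
int demo_search(int *visited_out)
{
	struct device leaf = {0}, bridge_ok = {0}, bridge_bad = {0};
	struct bus child_bus = {0}, root = {0};
	struct count_ctx ctx = {0};

	leaf.name = "leaf";
	leaf.res[leaf.num_res++] = (struct resource){ IORESOURCE_MEM, 0x10 };
	child_bus.link_num = 0;
	child_bus.children[child_bus.num_children++] = &leaf;

	bridge_ok.name = "bridge_ok";
	bridge_ok.res[bridge_ok.num_res++] =
		(struct resource){ IORESOURCE_MEM | IORESOURCE_SUBTRACTIVE, IOINDEX_SUBTRACTIVE(0, 0) };
	bridge_ok.link_list[bridge_ok.num_links++] = &child_bus;

	bridge_bad.name = "bridge_bad";   /* has no links at all */
	bridge_bad.res[bridge_bad.num_res++] =
		(struct resource){ IORESOURCE_MEM | IORESOURCE_SUBTRACTIVE, IOINDEX_SUBTRACTIVE(0, 1) };
	bridge_bad.res[bridge_bad.num_res++] = (struct resource){ IORESOURCE_MEM, 0x14 };

	root.children[root.num_children++] = &bridge_ok;
	root.children[root.num_children++] = &bridge_bad;

	int dangling = search_bus_resources(&root, IORESOURCE_IO | IORESOURCE_MEM,
					    IORESOURCE_MEM, count_resource, &ctx);
	*visited_out = ctx.visited;
	return dangling;
}

int main(void)
{
	int visited = 0;
	int dangling = demo_search(&visited);
	printf("visited %d plain resource(s), %d dangling subtractive resource(s)\n",
	       visited, dangling);
	return 0;
}
```

Running it visits the leaf's resource through bridge_ok and bridge_bad's own plain resource, and prints one warning for bridge_bad's subtractive resource; without the NULL guard that second case is the dereference the patch fixes, and without the warning it would simply vanish from the walk.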



