xfree86: Fix null pointer dereference

Eric Engestrom eric.engestrom at imgtec.com
Fri Sep 23 12:33:00 UTC 2016 

On Fri, Sep 23, 2016 at 03:12:18PM +0300, Hans de Goede wrote:
> Hi,
> 
> On 01/13/2016 07:47 AM, Kyle Guinn wrote:
> > Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=93675
> > 
> > Signed-off-by: Kyle Guinn <elyk03 at gmail.com>
> 
> Thanks for the patch, I've queued this up at:
> 
> https://cgit.freedesktop.org/~jwrdegoede/xserver
> 
> For a 1.19 bug-fix pull-req I'm preparing at.
> 
> Note I've simplified the patch to:
> 
> -    if (d) {
> +    if (d && d->pI2CBus) {
> 
> Instead of the nested ifs you used, still many thanks
> for tracking this crashed down!

I find this better too, but if you do that you need to move

    if (unalloc)
        free(d);

out of that `if (d && d->pI2CBus)` :)

(It had no reason to be there in the first place anyway, as free(NULL) is safe)

Cheers,
  Eric

> 
> Regards,
> 
> Hans
> 
> 
> 
> > ---
> >  hw/xfree86/i2c/xf86i2c.c | 22 ++++++++++++----------
> >  1 file changed, 12 insertions(+), 10 deletions(-)
> > 
> > diff --git a/hw/xfree86/i2c/xf86i2c.c b/hw/xfree86/i2c/xf86i2c.c
> > index 2a8b8df..62b647c 100644
> > --- a/hw/xfree86/i2c/xf86i2c.c
> > +++ b/hw/xfree86/i2c/xf86i2c.c
> > @@ -615,19 +615,21 @@ void
> >  xf86DestroyI2CDevRec(I2CDevPtr d, Bool unalloc)
> >  {
> >      if (d) {
> > -        I2CDevPtr *p;
> > +        if (d->pI2CBus) {
> > +            I2CDevPtr *p;
> > 
> > -        /* Remove this from the list of active I2C devices. */
> > +            /* Remove this from the list of active I2C devices. */
> > 
> > -        for (p = &d->pI2CBus->FirstDev; *p != NULL; p = &(*p)->NextDev)
> > -            if (*p == d) {
> > -                *p = (*p)->NextDev;
> > -                break;
> > -            }
> > +            for (p = &d->pI2CBus->FirstDev; *p != NULL; p = &(*p)->NextDev)
> > +                if (*p == d) {
> > +                    *p = (*p)->NextDev;
> > +                    break;
> > +                }
> > 
> > -        xf86DrvMsg(d->pI2CBus->scrnIndex, X_INFO,
> > -                   "I2C device \"%s:%s\" removed.\n",
> > -                   d->pI2CBus->BusName, d->DevName);
> > +            xf86DrvMsg(d->pI2CBus->scrnIndex, X_INFO,
> > +                       "I2C device \"%s:%s\" removed.\n",
> > +                       d->pI2CBus->BusName, d->DevName);
> > +        }
> > 
> >          if (unalloc)
> >              free(d);
> >

More information about the xorg-devel mailing list