From: Jayachandran C Date: Thu, 27 Oct 2005 22:51:13 +0000 (-0700) Subject: [SCSI] Fix issue reported by coverity in drivers/scsi/scsi_ioctl.c X-Git-Tag: v2.6.15-rc1~723^2~2^2~31 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=4647722673994787bfa294a163fcb6955b93d417;p=linux-2.6-omap-h63xx.git [SCSI] Fix issue reported by coverity in drivers/scsi/scsi_ioctl.c This patch attempts to fix an issue found in drivers/scsi/scsi_ioctl.c by Coverity. Error reported: CID: 3437 Checker: FORWARD_NULL (help) File: /export2/p4-coverity/mc2/linux26/drivers/scsi/scsi_ioctl.c Function: scsi_ioctl_send_command Description: Variable "buf" tracked as NULL was passed to a function that dereferences it. Patch description: buf can be NULL if inlen and outlen are both 0. This patch adds check if the length is non-zero before calling copy from/to user. Signed-off-by: Jayachandran C. Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c index 26f5bc6d9c8..0bba7d8eebb 100644 --- a/drivers/scsi/scsi_ioctl.c +++ b/drivers/scsi/scsi_ioctl.c @@ -278,7 +278,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev, * Obtain the data to be sent to the device (if any). */ - if(copy_from_user(buf, cmd_in + cmdlen, inlen)) + if(inlen && copy_from_user(buf, cmd_in + cmdlen, inlen)) goto error; switch (opcode) { @@ -322,7 +322,7 @@ int scsi_ioctl_send_command(struct scsi_device *sdev, if (copy_to_user(cmd_in, sense, sb_len)) result = -EFAULT; } else { - if (copy_to_user(cmd_in, buf, outlen)) + if (outlen && copy_to_user(cmd_in, buf, outlen)) result = -EFAULT; }