Module Name: src Committed By: christos Date: Thu Apr 17 16:08:42 UTC 2014
Modified Files: src/sys/dev/ic: mpt_netbsd.c Log Message: CID/1203197: NULL deref To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/sys/dev/ic/mpt_netbsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/dev/ic/mpt_netbsd.c diff -u src/sys/dev/ic/mpt_netbsd.c:1.23 src/sys/dev/ic/mpt_netbsd.c:1.24 --- src/sys/dev/ic/mpt_netbsd.c:1.23 Thu Apr 17 11:55:53 2014 +++ src/sys/dev/ic/mpt_netbsd.c Thu Apr 17 12:08:42 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: mpt_netbsd.c,v 1.23 2014/04/17 15:55:53 christos Exp $ */ +/* $NetBSD: mpt_netbsd.c,v 1.24 2014/04/17 16:08:42 christos Exp $ */ /* * Copyright (c) 2003 Wasabi Systems, Inc. @@ -77,7 +77,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: mpt_netbsd.c,v 1.23 2014/04/17 15:55:53 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mpt_netbsd.c,v 1.24 2014/04/17 16:08:42 christos Exp $"); #include <dev/ic/mpt.h> /* pulls in all headers */ #include <sys/scsiio.h> @@ -516,19 +516,22 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl /* XXX BUS_DMASYNC_POSTREAD XXX */ mpt_reply = MPT_REPLY_PTOV(mpt, reply); - if (mpt->verbose > 1) { - uint32_t *pReply = (uint32_t *) mpt_reply; + if (mpt_reply != NULL) { + if (mpt->verbose > 1) { + uint32_t *pReply = (uint32_t *) mpt_reply; - mpt_prt(mpt, "Address Reply (index %u):", - le32toh(mpt_reply->MsgContext) & 0xffff); - mpt_prt(mpt, "%08x %08x %08x %08x", - pReply[0], pReply[1], pReply[2], pReply[3]); - mpt_prt(mpt, "%08x %08x %08x %08x", - pReply[4], pReply[5], pReply[6], pReply[7]); - mpt_prt(mpt, "%08x %08x %08x %08x", - pReply[8], pReply[9], pReply[10], pReply[11]); - } - index = le32toh(mpt_reply->MsgContext); + mpt_prt(mpt, "Address Reply (index %u):", + le32toh(mpt_reply->MsgContext) & 0xffff); + mpt_prt(mpt, "%08x %08x %08x %08x", pReply[0], + pReply[1], pReply[2], pReply[3]); + mpt_prt(mpt, "%08x %08x %08x %08x", pReply[4], + pReply[5], pReply[6], pReply[7]); + mpt_prt(mpt, "%08x %08x %08x %08x", pReply[8], + pReply[9], pReply[10], pReply[11]); + } + index = le32toh(mpt_reply->MsgContext); + } else + index = reply & MPT_CONTEXT_MASK; } /* 
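Review bot: The new `else` branch in the `@@ -516,19 +516,22 @@` hunk silently sets `index = reply & MPT_CONTEXT_MASK` when `MPT_REPLY_PTOV()` returns NULL. This path is the one the verbose message labels "Address Reply", so the masked bits of `reply` are presumably part of a frame address rather than a request context, and the resulting index may name an unrelated request. The hunk shows no range check, and mpt_done continues outside it, so confirm that `index` is validated against the request table before it is used to look up `req`. A reply the driver cannot map is worth a diagnostic in any case, for example `} else {` / `mpt_prt(mpt, "mpt_done: unmappable address reply 0x%08x", reply);` / `index = reply & MPT_CONTEXT_MASK; }`, which also gives both branches braces.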
@@ -763,16 +766,19 @@ mpt_done(mpt_softc_t *mpt, uint32_t repl break; } - if (mpt_reply->SCSIState & MPI_SCSI_STATE_AUTOSENSE_VALID) { - memcpy(&xs->sense.scsi_sense, req->sense_vbuf, - sizeof(xs->sense.scsi_sense)); - } else if (mpt_reply->SCSIState & MPI_SCSI_STATE_AUTOSENSE_FAILED) { - /* - * This will cause the scsipi layer to issue - * a REQUEST SENSE. - */ - if (xs->status == SCSI_CHECK) - xs->error = XS_BUSY; + if (mpt_reply != NULL) { + if (mpt_reply->SCSIState & MPI_SCSI_STATE_AUTOSENSE_VALID) { + memcpy(&xs->sense.scsi_sense, req->sense_vbuf, + sizeof(xs->sense.scsi_sense)); + } else if (mpt_reply->SCSIState & + MPI_SCSI_STATE_AUTOSENSE_FAILED) { + /* + * This will cause the scsipi layer to issue + * a REQUEST SENSE. + */ + if (xs->status == SCSI_CHECK) + xs->error = XS_BUSY; + } } done:
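Review bot: The added `if (mpt_reply != NULL)` guard protects only the `SCSIState` autosense test, while the `break; }` directly above it closes a switch whose body lies outside the hunk. If that switch or any earlier statement in mpt_done reads a field of `mpt_reply`, the NULL dereference is still reachable before this guard. If instead an earlier NULL path already jumps to `done:`, the guard is unreachable for NULL and only adds nesting. Either way, state the invariant at the guard, for example `/* mpt_reply is NULL when no reply frame could be mapped; there is no sense data to copy then */`, and check each dereference between the lookup and this point.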