[ros-diffs] [dchapyshev] 43050: - Handle potential null-pointer access. Found by Amine Khaldi.
dchapyshev at svn.reactos.org
dchapyshev at svn.reactos.org
Mon Sep 14 13:13:55 CEST 2009
Author: dchapyshev
Date: Mon Sep 14 13:13:54 2009
New Revision: 43050
URL: http://svn.reactos.org/svn/reactos?rev=43050&view=rev
Log:
- Handle potential null-pointer access. Found by Amine Khaldi.
Modified:
trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c
Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c?rev=43050&r1=43049&r2=43050&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c [iso-8859-1] Mon Sep 14 13:13:54 2009
@@ -1573,6 +1573,7 @@
PEHCI_QTD_CONTENT ptdc;
PEHCI_QH_CONTENT pqhc;
PEHCI_ELEM_LINKS pelnk;
+ PEHCI_ELEM_LINKS plnk;
if (ehci == NULL || purb == NULL)
return STATUS_INVALID_PARAMETER;
@@ -1685,7 +1686,17 @@
RemoveEntryList(&td_list);
elem_pool_lock(qh_pool, TRUE);
- pqh = (PEHCI_QH) ((ULONG) elem_pool_alloc_elem(qh_pool)->phys_part & PHYS_PART_ADDR_MASK);
+
+ plnk = elem_pool_alloc_elem(qh_pool);
+ if (plnk == NULL)
+ {
+ // free the qtds
+ elem_safe_free(pthis, TRUE);
+ if (qh_pool) elem_pool_unlock(qh_pool, TRUE);
+ return STATUS_UNSUCCESSFUL;
+ }
+
+ pqh = (PEHCI_QH) ((ULONG) plnk->phys_part & PHYS_PART_ADDR_MASK);
elem_pool_unlock(qh_pool, TRUE);
if (pqh == NULL)
More information about the Ros-diffs
mailing list