ia64/xen-unstable

changeset 16256:537b8edb1efa

serial: Check index argument before indexing into an array.
Pointed out by Christoph Egger, and worth fixing for clarity even if
it's not necessarily a bug.
Signed-off-by: Keir Fraser <keir@xensource.com>
author Keir Fraser <keir@xensource.com>
date Fri Oct 26 15:14:38 2007 +0100 (2007-10-26)
parents 62426339d644
children 05f257f4f3c7
files xen/drivers/char/ns16550.c xen/drivers/char/serial.c
line diff
     1.1 --- a/xen/drivers/char/ns16550.c	Fri Oct 26 11:48:58 2007 +0100
     1.2 +++ b/xen/drivers/char/ns16550.c	Fri Oct 26 15:14:38 2007 +0100
     1.3 @@ -364,11 +364,13 @@ static void __init ns16550_parse_port_co
     1.4  
     1.5  void __init ns16550_init(int index, struct ns16550_defaults *defaults)
     1.6  {
     1.7 -    struct ns16550 *uart = &ns16550_com[index];
     1.8 +    struct ns16550 *uart;
     1.9  
    1.10      if ( (index < 0) || (index > 1) )
    1.11          return;
    1.12  
    1.13 +    uart = &ns16550_com[index];
    1.14 +
    1.15      uart->baud      = (defaults->baud ? :
    1.16                         console_has((index == 0) ? "com1" : "com2")
    1.17                         ? BAUD_AUTO : 0);
     2.1 --- a/xen/drivers/char/serial.c	Fri Oct 26 11:48:58 2007 +0100
     2.2 +++ b/xen/drivers/char/serial.c	Fri Oct 26 15:14:38 2007 +0100
     2.3 @@ -124,10 +124,14 @@ static void __serial_putc(struct serial_
     2.4  
     2.5  void serial_putc(int handle, char c)
     2.6  {
     2.7 -    struct serial_port *port = &com[handle & SERHND_IDX];
     2.8 +    struct serial_port *port;
     2.9      unsigned long flags;
    2.10  
    2.11 -    if ( (handle == -1) || !port->driver || !port->driver->putc )
    2.12 +    if ( handle == -1 )
    2.13 +        return;
    2.14 +
    2.15 +    port = &com[handle & SERHND_IDX];
    2.16 +    if ( !port->driver || !port->driver->putc )
    2.17          return;
    2.18  
    2.19      spin_lock_irqsave(&port->tx_lock, flags);
    2.20 @@ -147,11 +151,15 @@ void serial_putc(int handle, char c)
    2.21  
    2.22  void serial_puts(int handle, const char *s)
    2.23  {
    2.24 -    struct serial_port *port = &com[handle & SERHND_IDX];
    2.25 +    struct serial_port *port;
    2.26      unsigned long flags;
    2.27      char c;
    2.28  
    2.29 -    if ( (handle == -1) || !port->driver || !port->driver->putc )
    2.30 +    if ( handle == -1 )
    2.31 +        return;
    2.32 +
    2.33 +    port = &com[handle & SERHND_IDX];
    2.34 +    if ( !port->driver || !port->driver->putc )
    2.35          return;
    2.36  
    2.37      spin_lock_irqsave(&port->tx_lock, flags);
    2.38 @@ -174,11 +182,15 @@ void serial_puts(int handle, const char 
    2.39  
    2.40  char serial_getc(int handle)
    2.41  {
    2.42 -    struct serial_port *port = &com[handle & SERHND_IDX];
    2.43 +    struct serial_port *port;
    2.44      char c;
    2.45      unsigned long flags;
    2.46  
    2.47 -    if ( (handle == -1) || !port->driver || !port->driver->getc )
    2.48 +    if ( handle == -1 )
    2.49 +        return '\0';
    2.50 +
    2.51 +    port = &com[handle & SERHND_IDX];
    2.52 +    if ( !port->driver || !port->driver->getc )
    2.53          return '\0';
    2.54  
    2.55      do {
    2.56 @@ -249,12 +261,14 @@ int serial_parse_handle(char *conf)
    2.57  
    2.58  void serial_set_rx_handler(int handle, serial_rx_fn fn)
    2.59  {
    2.60 -    struct serial_port *port = &com[handle & SERHND_IDX];
    2.61 +    struct serial_port *port;
    2.62      unsigned long flags;
    2.63  
    2.64      if ( handle == -1 )
    2.65          return;
    2.66  
    2.67 +    port = &com[handle & SERHND_IDX];
    2.68 +
    2.69      spin_lock_irqsave(&port->rx_lock, flags);
    2.70  
    2.71      if ( port->rx != NULL )
    2.72 @@ -290,11 +304,13 @@ void serial_set_rx_handler(int handle, s
    2.73  
    2.74  void serial_force_unlock(int handle)
    2.75  {
    2.76 -    struct serial_port *port = &com[handle & SERHND_IDX];
    2.77 +    struct serial_port *port;
    2.78  
    2.79      if ( handle == -1 )
    2.80          return;
    2.81  
    2.82 +    port = &com[handle & SERHND_IDX];
    2.83 +
    2.84      spin_lock_init(&port->rx_lock);
    2.85      spin_lock_init(&port->tx_lock);
    2.86  
    2.87 @@ -303,12 +319,14 @@ void serial_force_unlock(int handle)
    2.88  
    2.89  void serial_start_sync(int handle)
    2.90  {
    2.91 -    struct serial_port *port = &com[handle & SERHND_IDX];
    2.92 +    struct serial_port *port;
    2.93      unsigned long flags;
    2.94  
    2.95      if ( handle == -1 )
    2.96          return;
    2.97      
    2.98 +    port = &com[handle & SERHND_IDX];
    2.99 +
   2.100      spin_lock_irqsave(&port->tx_lock, flags);
   2.101  
   2.102      if ( port->sync++ == 0 )
   2.103 @@ -327,12 +345,14 @@ void serial_start_sync(int handle)
   2.104  
   2.105  void serial_end_sync(int handle)
   2.106  {
   2.107 -    struct serial_port *port = &com[handle & SERHND_IDX];
   2.108 +    struct serial_port *port;
   2.109      unsigned long flags;
   2.110  
   2.111      if ( handle == -1 )
   2.112          return;
   2.113      
   2.114 +    port = &com[handle & SERHND_IDX];
   2.115 +
   2.116      spin_lock_irqsave(&port->tx_lock, flags);
   2.117  
   2.118      port->sync--;
   2.119 @@ -342,9 +362,10 @@ void serial_end_sync(int handle)
   2.120  
   2.121  int serial_tx_space(int handle)
   2.122  {
   2.123 -    struct serial_port *port = &com[handle & SERHND_IDX];
   2.124 +    struct serial_port *port;
   2.125      if ( handle == -1 )
   2.126          return SERIAL_TXBUFSZ;
   2.127 +    port = &com[handle & SERHND_IDX];
   2.128      return SERIAL_TXBUFSZ - (port->txbufp - port->txbufc);
   2.129  }
   2.130