diff options
author | cperciva <cperciva@FreeBSD.org> | 2008-08-04 07:01:42 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2008-08-04 07:01:42 +0000 |
commit | cebedc34981fc20851ec92c818884c42aec0d8ed (patch) | |
tree | 64fc0274a3dc8e6301a83f473edc163ba473da02 | |
parent | 5b18df3c7320c50e7b637d1154acf50eb81c99e8 (diff) | |
download | FreeBSD-src-cebedc34981fc20851ec92c818884c42aec0d8ed.zip FreeBSD-src-cebedc34981fc20851ec92c818884c42aec0d8ed.tar.gz |
Dereferencing uninitialized pointers considered harmful. Prior to this
commit, calling i386_parsedev(..., X, ...) where X is "ad", "bge", or
any other disk or network device name without a unit number, would
result in dereferencing whatever happened to be on the stack where the
variable "cp" is stored.
Found by: LLVM/Clang Static Checker
-rw-r--r-- | sys/boot/i386/libi386/devicename.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/boot/i386/libi386/devicename.c b/sys/boot/i386/libi386/devicename.c index 520fdb5..e1035aa 100644 --- a/sys/boot/i386/libi386/devicename.c +++ b/sys/boot/i386/libi386/devicename.c @@ -150,6 +150,8 @@ i386_parsedev(struct i386_devdesc **dev, const char *devspec, const char **path) cp++; } } + } else { + cp = np; } if (*cp && (*cp != ':')) { err = EINVAL; @@ -173,6 +175,8 @@ i386_parsedev(struct i386_devdesc **dev, const char *devspec, const char **path) err = EUNIT; goto fail; } + } else { + cp = np; } if (*cp && (*cp != ':')) { err = EINVAL; |