From 55d7b68996a5064f011d681bca412b6281d2f711 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Tue, 6 May 2008 20:42:27 -0700 Subject: serial: access after NULL check in uart_flush_buffer() I noticed that static void uart_flush_buffer(struct tty_struct *tty) { struct uart_state *state = tty->driver_data; struct uart_port *port = state->port; unsigned long flags; /* * This means you called this function _after_ the port was * closed. No cookie for you. */ if (!state || !state->info) { WARN_ON(1); return; } is too late for checking state != NULL. Signed-off-by: Tetsuo Handa Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/serial/serial_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/serial/serial_core.c b/drivers/serial/serial_core.c index 1e2b9d8..eab0327 100644 --- a/drivers/serial/serial_core.c +++ b/drivers/serial/serial_core.c @@ -556,7 +556,7 @@ static int uart_chars_in_buffer(struct tty_struct *tty) static void uart_flush_buffer(struct tty_struct *tty) { struct uart_state *state = tty->driver_data; - struct uart_port *port = state->port; + struct uart_port *port; unsigned long flags; /* @@ -568,6 +568,7 @@ static void uart_flush_buffer(struct tty_struct *tty) return; } + port = state->port; pr_debug("uart_flush_buffer(%d) called\n", tty->index); spin_lock_irqsave(&port->lock, flags); -- cgit v1.1