[PATCH 1/5] b1553brm.c: Fix Dereference before null check (CID #1399829)

Ryan Long thisisryanlong at gmail.com
Thu Feb 18 14:35:09 UTC 2021


CID 1399829: Dereference before null check in brm_control().

Closes #4250
---
 bsps/shared/grlib/1553/b1553brm.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/bsps/shared/grlib/1553/b1553brm.c b/bsps/shared/grlib/1553/b1553brm.c
index 57ef701..694f585 100644
--- a/bsps/shared/grlib/1553/b1553brm.c
+++ b/bsps/shared/grlib/1553/b1553brm.c
@@ -994,8 +994,8 @@ static rtems_device_driver brm_control(rtems_device_major_number major, rtems_de
 	unsigned int i=0;
 	unsigned short ctrl, oper, cw1, cw2;
 	rtems_libio_ioctl_args_t *ioarg = (rtems_libio_ioctl_args_t *) arg;
-	unsigned int *data = ioarg->buffer;
-	struct bc_msg *cmd_list = (struct bc_msg *) ioarg->buffer;
+	unsigned int *data;
+	struct bc_msg *cmd_list;
   	brm_priv *brm;
 	struct drvmgr_dev *dev;
 	rtems_device_driver ret;
@@ -1013,6 +1013,9 @@ static rtems_device_driver brm_control(rtems_device_major_number major, rtems_de
 		return RTEMS_INVALID_NAME;
 	}
 
+        data = ioarg->buffer;
+        cmd_list = (struct bc_msg *) ioarg->buffer;
+
 	ioarg->ioctl_return = 0;
 	switch (ioarg->command) {
 
-- 
1.8.3.1



More information about the devel mailing list