From: Keir Fraser <keir@xensource.com>
Date: Fri, 26 Oct 2007 14:14:38 +0000 (+0100)
Subject: serial: Check index argument before indexing into an array.
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~14828^2~28
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:///%22http:/www.example.com/cgi/%22https:/?a=commitdiff_plain;h=0059b250dc8cbf9005bf30d88323dc64bb948e9b;p=xen.git

serial: Check index argument before indexing into an array.
Pointed out by Christoph Egger, and worth fixing for clarity even if
it's not necessarily a bug.
Signed-off-by: Keir Fraser <keir@xensource.com>
---

diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c
index 8a67f54489..66a8058cdb 100644
--- a/xen/drivers/char/ns16550.c
+++ b/xen/drivers/char/ns16550.c
@@ -364,11 +364,13 @@ static void __init ns16550_parse_port_config(
 
 void __init ns16550_init(int index, struct ns16550_defaults *defaults)
 {
-    struct ns16550 *uart = &ns16550_com[index];
+    struct ns16550 *uart;
 
     if ( (index < 0) || (index > 1) )
         return;
 
+    uart = &ns16550_com[index];
+
     uart->baud      = (defaults->baud ? :
                        console_has((index == 0) ? "com1" : "com2")
                        ? BAUD_AUTO : 0);
diff --git a/xen/drivers/char/serial.c b/xen/drivers/char/serial.c
index 921606454a..a9c91e87eb 100644
--- a/xen/drivers/char/serial.c
+++ b/xen/drivers/char/serial.c
@@ -124,10 +124,14 @@ static void __serial_putc(struct serial_port *port, char c)
 
 void serial_putc(int handle, char c)
 {
-    struct serial_port *port = &com[handle & SERHND_IDX];
+    struct serial_port *port;
     unsigned long flags;
 
-    if ( (handle == -1) || !port->driver || !port->driver->putc )
+    if ( handle == -1 )
+        return;
+
+    port = &com[handle & SERHND_IDX];
+    if ( !port->driver || !port->driver->putc )
         return;
 
     spin_lock_irqsave(&port->tx_lock, flags);
@@ -147,11 +151,15 @@ void serial_putc(int handle, char c)
 
 void serial_puts(int handle, const char *s)
 {
-    struct serial_port *port = &com[handle & SERHND_IDX];
+    struct serial_port *port;
     unsigned long flags;
     char c;
 
-    if ( (handle == -1) || !port->driver || !port->driver->putc )
+    if ( handle == -1 )
+        return;
+
+    port = &com[handle & SERHND_IDX];
+    if ( !port->driver || !port->driver->putc )
         return;
 
     spin_lock_irqsave(&port->tx_lock, flags);
@@ -174,11 +182,15 @@ void serial_puts(int handle, const char *s)
 
 char serial_getc(int handle)
 {
-    struct serial_port *port = &com[handle & SERHND_IDX];
+    struct serial_port *port;
     char c;
     unsigned long flags;
 
-    if ( (handle == -1) || !port->driver || !port->driver->getc )
+    if ( handle == -1 )
+        return '\0';
+
+    port = &com[handle & SERHND_IDX];
+    if ( !port->driver || !port->driver->getc )
         return '\0';
 
     do {
@@ -249,12 +261,14 @@ int serial_parse_handle(char *conf)
 
 void serial_set_rx_handler(int handle, serial_rx_fn fn)
 {
-    struct serial_port *port = &com[handle & SERHND_IDX];
+    struct serial_port *port;
     unsigned long flags;
 
     if ( handle == -1 )
         return;
 
+    port = &com[handle & SERHND_IDX];
+
     spin_lock_irqsave(&port->rx_lock, flags);
 
     if ( port->rx != NULL )
@@ -290,11 +304,13 @@ void serial_set_rx_handler(int handle, serial_rx_fn fn)
 
 void serial_force_unlock(int handle)
 {
-    struct serial_port *port = &com[handle & SERHND_IDX];
+    struct serial_port *port;
 
     if ( handle == -1 )
         return;
 
+    port = &com[handle & SERHND_IDX];
+
     spin_lock_init(&port->rx_lock);
     spin_lock_init(&port->tx_lock);
 
@@ -303,12 +319,14 @@ void serial_force_unlock(int handle)
 
 void serial_start_sync(int handle)
 {
-    struct serial_port *port = &com[handle & SERHND_IDX];
+    struct serial_port *port;
     unsigned long flags;
 
     if ( handle == -1 )
         return;
     
+    port = &com[handle & SERHND_IDX];
+
     spin_lock_irqsave(&port->tx_lock, flags);
 
     if ( port->sync++ == 0 )
@@ -327,12 +345,14 @@ void serial_start_sync(int handle)
 
 void serial_end_sync(int handle)
 {
-    struct serial_port *port = &com[handle & SERHND_IDX];
+    struct serial_port *port;
     unsigned long flags;
 
     if ( handle == -1 )
         return;
     
+    port = &com[handle & SERHND_IDX];
+
     spin_lock_irqsave(&port->tx_lock, flags);
 
     port->sync--;
@@ -342,9 +362,10 @@ void serial_end_sync(int handle)
 
 int serial_tx_space(int handle)
 {
-    struct serial_port *port = &com[handle & SERHND_IDX];
+    struct serial_port *port;
     if ( handle == -1 )
         return SERIAL_TXBUFSZ;
+    port = &com[handle & SERHND_IDX];
     return SERIAL_TXBUFSZ - (port->txbufp - port->txbufc);
 }