From: Salyzyn, Mark Date: Wed, 21 Mar 2007 17:22:56 +0000 (-0400) Subject: [SCSI] aacraid: check buffer address in aac_internal_transfer X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=20235f35221472f1a127a5d5414f11091eb0a845;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git [SCSI] aacraid: check buffer address in aac_internal_transfer Captured a panic on an older kernel where an application issuing commands via sg was sending requests that lacked a request_buffer, thus the buffer pointer used in aac_internal_transer was NULL. The application was fixed closing the issue, but felt it was advised to immunize the driver against the eventuality. Signed-off-by: Mark Salyzyn Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c index 0c4e27eb6520..f9deab686dc4 100644 --- a/drivers/scsi/aacraid/aachba.c +++ b/drivers/scsi/aacraid/aachba.c @@ -350,8 +350,9 @@ static void aac_internal_transfer(struct scsi_cmnd *scsicmd, void *data, unsigne buf = scsicmd->request_buffer; transfer_len = min(scsicmd->request_bufflen, len + offset); } - - memcpy(buf + offset, data, transfer_len - offset); + transfer_len -= offset; + if (buf && transfer_len) + memcpy(buf + offset, data, transfer_len); if (scsicmd->use_sg) kunmap_atomic(buf - sg->offset, KM_IRQ0);