Subject: kern/97: sbintr dereferences null pointer on stray interrupt.
To: None <gnats-admin>
From: None <sommerfeld@orchard.medford.ma.us>
List: netbsd-bugs
Date: 01/24/1994 22:05:05
>Number: 97
>Category: kern
>Synopsis: sbintr calls through NULL on stray intr
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: gnats-admin (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jan 24 22:05:03 1994
>Originator: Bill Sommerfeld
>Organization:
None
>Release: -current
>Environment:
System: NetBSD orchard.medford.ma.us 0.9a ORCHARD#7 i386
>Description:
The soundblaster driver, /sys/arch/i386/isa/sb.c, in sbintr(),
calls through the dma completion routine (sc->sc_intr) function
pointer without checking first to see if it's NULL.
My system occasionally generates stray interrupts on IRQ 7, which
is the IRQ that the soundblaster is on.
>How-To-Repeat:
happens under load occasionally; seems to be related to using multiple
serial lines at once.
>Fix:
(untested as of yet).
*** 1.1 1994/01/25 05:26:04
--- sb.c 1994/01/25 05:27:08
***************
*** 622,630 ****
if (sc->sc_mintr != 0) {
int c = rdsp(sc->sc_base);
(*sc->sc_mintr)(sc->sc_arg, c);
! } else
(*sc->sc_intr)(sc->sc_arg);
!
return (1);
}
--- 622,630 ----
if (sc->sc_mintr != 0) {
int c = rdsp(sc->sc_base);
(*sc->sc_mintr)(sc->sc_arg, c);
! } else if (sc->sc_intr != 0) {
(*sc->sc_intr)(sc->sc_arg);
! }
return (1);
}
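Review bot: on the path where both sc->sc_mintr and sc->sc_intr are 0, the new code still falls through to return (1), so a stray interrupt is reported the same way as one a handler actually serviced. If the return value tells the caller that the interrupt was claimed, return 0 on that path (or at least count or log it) so stray IRQs stay visible instead of being silently absorbed. A short comment on the new else-if saying that sc_intr can be unset when a stray interrupt arrives would also help the next reader.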
>Audit-Trail:
>Unformatted: