On Sat, Mar 19, 2011 at 6:28 PM, Dan Carpenter <error27@xxxxxxxxx> wrote:
> Smatch complains about this, but I don't know if it's a bug or not.
>
> fs/cifs/transport.c +791 SendReceive(106)
>         warn: variable dereferenced before check 'midQ->resp_buf'
>
> 780         receive_len = be32_to_cpu(midQ->resp_buf->smb_buf_length);
>                                       ^^^^^^^^^^^^^^^^
>                                       dereference
> 781
> 782         if (receive_len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) {
> 783                 cERROR(1, "Frame too large received. Length: %d Xid: %d",
> 784                         receive_len, xid);
> 785                 rc = -EIO;
> 786                 goto out;
> 787         }
> 788
> 789         /* rcvd frame is ok */
> 790
> 791         if (midQ->resp_buf && out_buf
>                 ^^^^^^^^^^^^^^
>                 checking for null
>
> 792             && (midQ->midState == MID_RESPONSE_RECEIVED)) {
> 793                 out_buf->smb_buf_length = cpu_to_be32(receive_len);
>
> regards,
> dan carpenter

Older kernels had the same (midQ->resp_buf == NULL) check in the same
place, and I don't see a way to get there with midQ->resp_buf == NULL,
so that check on line 791 does look like a redundant check. I will
double check.

--
Thanks,

Steve
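The two orderings discussed in this thread, as an added example that is not part of the original messages or the kernel source. The types, `MAX_FRAME`, the function names and the `-EIO` fallback path are hypothetical userspace stand-ins; `ntohl`/`htonl` replace `be32_to_cpu`/`cpu_to_be32`.

```c
#include <arpa/inet.h>  /* ntohl/htonl stand in for be32_to_cpu/cpu_to_be32 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical userspace stand-ins for the kernel types in the excerpt. */
#define MAX_FRAME 16384u /* stands in for CIFSMaxBufSize + MAX_CIFS_HDR_SIZE */
enum { MID_REQUEST_SUBMITTED, MID_RESPONSE_RECEIVED };
struct hdr { uint32_t smb_buf_length; };          /* big-endian length field */
struct mid { struct hdr *resp_buf; int midState; };

/* Ordering Smatch flags: resp_buf is read first and tested afterwards, so
 * the test can never be what protects the read. Call only with resp_buf set. */
static int flagged_order(const struct mid *m, struct hdr *out)
{
    uint32_t len = ntohl(m->resp_buf->smb_buf_length);   /* dereference */

    if (len > MAX_FRAME)
        return -EIO;
    if (m->resp_buf && out && m->midState == MID_RESPONSE_RECEIVED) {
        out->smb_buf_length = htonl(len);
        return 0;
    }
    return -EIO;  /* assumed error path; not shown in the quoted excerpt */
}

/* Same logic with the NULL test moved ahead of the first dereference. */
static int guarded_order(const struct mid *m, struct hdr *out)
{
    uint32_t len;

    if (!m->resp_buf || !out || m->midState != MID_RESPONSE_RECEIVED)
        return -EIO;
    len = ntohl(m->resp_buf->smb_buf_length);
    if (len > MAX_FRAME)
        return -EIO;
    out->smb_buf_length = htonl(len);
    return 0;
}
```

When `resp_buf` is never NULL on this path, both functions return the same result for every input, which is the sense in which the later test is redundant; they differ only in whether a NULL `resp_buf` yields `-EIO` or a fault.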