merged into cifs-2-6.git - let me know if you see any problems with these ASAP

On Thu, Apr 6, 2017 at 1:24 PM, Sachin Prabhu <sprabhu@xxxxxxxxxx> wrote:
> On Thu, 2017-04-06 at 11:07 +0100, Sachin Prabhu wrote:
>> On Thu, 2017-04-06 at 12:11 +0300, Dan Carpenter wrote:
>> > Hello Sachin Prabhu,
>> >
>> > The patch 96b75d0508f8: "Handle mismatched open calls" from Mar 3,
>> > 2017, leads to the following static checker warning:
>> >
>> >     fs/cifs/cifssmb.c:1530 cifs_readv_receive()
>> >     error: potential NULL dereference 'server->smallbuf'.
>> >
>> > fs/cifs/cifssmb.c
>> >   1519          cifs_dbg(FYI, "0: iov_base=%p iov_len=%u\n",
>> >   1520                   rdata->iov[0].iov_base, server->total_read);
>> >   1521
>> >   1522          mid->resp_buf = server->smallbuf;
>> >   1523          server->smallbuf = NULL;
>> >                 ^^^^^^^^^^^^^^^^^^^^^^^
>> > We set this to NULL here
>> >
>> >   1524
>> >   1525          /* how much data is in the response? */
>> >   1526          data_len = server->ops->read_data_length(buf);
>> >   1527          if (data_offset + data_len > buflen) {
>> >   1528                  /* data_len is corrupt -- discard frame */
>> >   1529                  rdata->result = -EIO;
>> >   1530                  return cifs_readv_discard(server, mid);
>> >                                                   ^^^^^^
>> > but we need it here.
>> >
>> >   1531          }
>> >   1532
>> >   1533          length = rdata->read_into_pages(server, rdata, data_len);
>> >   1534          if (length < 0)
>> >   1535                  return length;
>> >
>> > regards,
>> > dan carpenter
>>
>> Thanks Dan,
>>
>
> Hello Dan,
>
> I have attached a patch which replaces the original
> "Handle mismatched open calls" patch from the for-next branch.
> Can you please run it against the static checker.
>
> In the patch, we pass a buffer to cifs_discard_remaining_data() instead
> of using server->small_buf to obtain the rfc len.
>
> Thanks
> Sachin Prabhu

--
Thanks,

Steve
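The pattern behind the checker warning, and the shape of the fix Sachin describes, as an added user-space example that is not code from this thread or from the kernel: once the receive path hands smallbuf to the mid and clears the server's pointer, a discard helper that still reads the header through the server pointer sees NULL, while one that takes the buffer as a parameter does not. All struct and function names are hypothetical stand-ins, and the "remaining = rfc length + 4 - bytes read" calculation is an assumption about what the discard helper computes.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (hypothetical names). */
struct srv { uint8_t *smallbuf; unsigned int total_read; };
struct mid { uint8_t *resp_buf; };

/* 24-bit big-endian length from a 4-byte RFC 1002 style header. */
static unsigned int rfc_len(const uint8_t *hdr)
{
    return ((unsigned int)hdr[1] << 16) | ((unsigned int)hdr[2] << 8) | hdr[3];
}

/* Before: reads the header through s->smallbuf. Returns -1 at the point
 * where the unguarded code would dereference NULL. */
static int discard_old(struct srv *s)
{
    if (!s->smallbuf)
        return -1;
    return (int)(rfc_len(s->smallbuf) + 4 - s->total_read);
}

/* After: the caller passes the header buffer it still holds. */
static int discard_new(struct srv *s, const uint8_t *buf)
{
    return (int)(rfc_len(buf) + 4 - s->total_read);
}

/* Receive path: smallbuf moves to the mid, then the frame is found corrupt. */
static int receive_corrupt(struct srv *s, struct mid *m, int fixed)
{
    m->resp_buf = s->smallbuf;
    s->smallbuf = NULL;
    return fixed ? discard_new(s, m->resp_buf) : discard_old(s);
}

/* Constructed frame: header announces 256 bytes, 8 bytes read so far. */
static int demo(int fixed)
{
    uint8_t frame[8] = { 0x00, 0x00, 0x01, 0x00, 0, 0, 0, 0 };
    struct srv s = { frame, sizeof(frame) };
    struct mid m = { NULL };
    return receive_corrupt(&s, &m, fixed);
}

int main(void)
{
    printf("old: %d, new: %d\n", demo(0), demo(1));
}
```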