On Sat, Jan 27, 2018 at 03:09:11PM +0100, Julia Lawall wrote:
>
> On Sat, 27 Jan 2018, Dan Carpenter wrote:
>
> > On Sat, Jan 27, 2018 at 02:37:49PM +0100, Julia Lawall wrote:
> > > Please check whether line 212 is reachable from line 198.
> > >
> >
> > No. It's not.
> >
> > > d7e09d039 drivers/staging/lustre/lustre/libcfs/linux/linux-tcpip.c Peng Tao 2013-05-02 192 nfound = ifc.ifc_len / sizeof(*ifr);
> > > d7e09d039 drivers/staging/lustre/lustre/libcfs/linux/linux-tcpip.c Peng Tao 2013-05-02 193 LASSERT(nfound <= nalloc);
> > > d7e09d039 drivers/staging/lustre/lustre/libcfs/linux/linux-tcpip.c Peng Tao 2013-05-02 194
> > > d7e09d039 drivers/staging/lustre/lustre/libcfs/linux/linux-tcpip.c Peng Tao 2013-05-02 195 if (nfound < nalloc || toobig)
> > > d7e09d039 drivers/staging/lustre/lustre/libcfs/linux/linux-tcpip.c Peng Tao 2013-05-02 196 break;
> >   ^^^^^
> > The only place where the loop breaks is here.
>
> I saw that, but does it imply that nfound is 0?
>

No, but it implies "ifr" allocated and non-zero.

To be honest, I'm not sure how any flow analysis would warn about a use after free here unless perhaps it didn't reset "ifr" to allocated again on the next assignment after the free?

regards,
dan carpenter