[PATCH 03/15] lttng lib: ring buffer move null pointer check to open

Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> · Wed, 30 Nov 2011 13:34:16 -0500

* Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011,
> leads to the following Smatch complaint:
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +86
> +lib_ring_buffer_mmap_buf()
>          warn: variable dereferenced before check 'buf' (see line 79)
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
>     78          unsigned long length = vma->vm_end - vma->vm_start;
>     79          struct channel *chan = buf->backend.chan;
>                                        ^^^^^^^^^^^^^^^^^
> Dereference.
>
>     80          const struct lib_ring_buffer_config *config = chan->backend.config;
>     81          unsigned long mmap_buf_len;
>     82
>     83          if (config->output != RING_BUFFER_MMAP)
>     84                  return -EINVAL;
>     85
>     86          if (!buf)
>                     ^^^^
> Check.
>
>     87                  return -EBADF;
>     88

Let's move the NULL buf check to the file "open", where it belongs. The
"open" file operation is the actual interface between lib ring buffer
and the modules using it.

Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
---
 .../lttng/lib/ringbuffer/ring_buffer_mmap.c        |    3 ---
 .../staging/lttng/lib/ringbuffer/ring_buffer_vfs.c |    3 +++
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
index cf37434..c9d6e89 100644
--- a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
+++ b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
@@ -80,9 +80,6 @@ static int lib_ring_buffer_mmap_buf(struct lib_ring_buffer *buf,
 	if (config->output != RING_BUFFER_MMAP)
 		return -EINVAL;
 
-	if (!buf)
-		return -EBADF;
-
 	mmap_buf_len = chan->backend.buf_size;
 	if (chan->backend.extra_reader_sb)
 		mmap_buf_len += chan->backend.subbuf_size;
diff --git a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
index 1708ffd..8b78305 100644
--- a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
+++ b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
@@ -42,6 +42,9 @@ int lib_ring_buffer_open(struct inode *inode, struct file *file)
 	struct lib_ring_buffer *buf = inode->i_private;
 	int ret;
 
+	if (!buf)
+		return -EINVAL;
+
 	ret = lib_ring_buffer_open_read(buf);
 	if (ret)
 		return ret;
-- 
1.7.5.4

_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel





