From: Julia Lawall <julia@xxxxxxx> Since chan0 must be a valid pointer at this point, it seems very unlikely that ch could be NULL. If ch could be NULL, without channel >= bd->numports, then something else has to be done to avoid the NULL pointer dereference in the subsequent initialization of bc. The semantic match that finds the problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @r exists@ expression E, E1; identifier f; statement S1,S3; iterator iter; @@ if ((E == NULL && ...) || ...) { ... when != false ((E == NULL && ...) || ...) when != true ((E != NULL && ...) || ...) when != iter(E,...) S1 when != E = E1 ( sizeof(E->f) | * E->f ) ... when any return ...; } else S3 // </smpl> Signed-off-by: Julia Lawall <julia@xxxxxxx> --- drivers/char/epca.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/char/epca.c b/drivers/char/epca.c index 17b044a..ea78e6f 100644 --- a/drivers/char/epca.c +++ b/drivers/char/epca.c @@ -1500,9 +1500,8 @@ static void doevent(int crd) lstat = readb(eventbuf + 3); ch = chan0 + channel; - if ((unsigned)channel >= bd->numports || !ch) { - if (channel >= bd->numports) - ch = chan0; + if ((unsigned)channel >= bd->numports) { + ch = chan0; bc = ch->brdchan; goto next; }
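Review bot: In the doevent() hunk, making `ch = chan0;` unconditional changes more than the dead `!ch` test, and the changelog should say so. The removed inner test `channel >= bd->numports` lacked the `(unsigned)` cast that the outer test carries, so if channel and bd->numports are both signed (the cast suggests channel is; neither declaration is in the visible context) a negative channel entered the branch, skipped the reassignment, and `bc = ch->brdchan` then read through `chan0 + channel`, outside the channel array. The new code closes that path, which deserves a sentence in the commit message because it is a behaviour change rather than pure cleanup. Separately, consider moving `ch = chan0 + channel;` below the range check so the out-of-range pointer is never formed before channel has been validated.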