From: Julia Lawall <julia@xxxxxxx> The test above allows std to be NULL, so check that std is not NULL before doing the dereference. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @r exists@ expression E,E1; identifier f; statement S1,S2,S3; @@ if ((E == NULL && ...) || ...) { ... when != if (...) S1 else S2 when != E = E1 * E->f ... when any } else S3 // </smpl> Signed-off-by: Julia Lawall <julia@xxxxxxx> --- diff --git a/drivers/usb/host/whci/qset.c b/drivers/usb/host/whci/qset.c index ab5a14f..dc0ab83 100644 --- a/drivers/usb/host/whci/qset.c +++ b/drivers/usb/host/whci/qset.c @@ -475,7 +475,7 @@ static int qset_add_urb_sg(struct whc *whc, struct whc_qset *qset, struct urb *u || (prev_end & (WHCI_PAGE_SIZE-1)) || (dma_addr & (WHCI_PAGE_SIZE-1)) || std->len + WHCI_PAGE_SIZE > QTD_MAX_XFER_SIZE) { - if (std->len % qset->max_packet != 0) + if (std && std->len % qset->max_packet != 0) return -EINVAL; std = qset_new_std(whc, qset, urb, mem_flags); if (std == NULL) { -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html