Return value of a function 'xdr_inline_decode' is dereferenced at nfs4xdr.c:5540 without checking for null, but it is usually checked for this function. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Denis Arefev <arefev@xxxxxxxxx> --- fs/nfs/nfs4xdr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index c6dbfcae7517..571cc63ecb61 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -5533,6 +5533,8 @@ static int decode_op_map(struct xdr_stream *xdr, struct nfs4_op_map *op_map) if (bitmap_words > NFS4_OP_MAP_NUM_WORDS) return -EIO; p = xdr_inline_decode(xdr, 4 * bitmap_words); + if (!p) + return -EIO; for (i = 0; i < bitmap_words; i++) op_map->u.words[i] = be32_to_cpup(p++); -- 2.25.1
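Review bot: The commit message should say what fails without the new `if (!p)` check in decode_op_map(): the loop right after it reads through the pointer with `be32_to_cpup(p++)`, so a NULL return from `xdr_inline_decode(xdr, 4 * bitmap_words)` is dereferenced on the first iteration whenever bitmap_words is non-zero. The check itself is placed correctly, and returning -EIO matches the `bitmap_words > NFS4_OP_MAP_NUM_WORDS` rejection just above it. Please also add a Fixes: tag for the commit that introduced the unchecked call so the change can be picked up for backports; as posted, the message carries only the Signed-off-by.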