From: Alexandr Sapozhnikov <alsp705@xxxxxxxxx>
After having been compared to NULL value at 3w-9xxx.c:1829,
pointer 'srb' is passed as 1st parameter in call to function
'scsi_sg_count' at 3w-9xxx.c:1844, where it is dereferenced.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Alexandr Sapozhnikov <alsp705@xxxxxxxxx>
---
drivers/scsi/3w-9xxx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
index 6cb9cca..5a99294 100644
--- a/drivers/scsi/3w-9xxx.c
+++ b/drivers/scsi/3w-9xxx.c
@@ -1841,7 +1841,7 @@ static int twa_scsiop_execute_scsi(TW_Device_Extension *tw_dev, int request_id,
if (!sglistarg) {
/* Map sglist from scsi layer to cmd packet */
- if (scsi_sg_count(srb)) {
+ if (srb && scsi_sg_count(srb)) {
if (!twa_command_mapped(srb)) {
if (srb->sc_data_direction == DMA_TO_DEVICE ||
srb->sc_data_direction == DMA_BIDIRECTIONAL)
--
2.5.3
