In sym_alloc_ccb(), if sym_calloc_dma() call fails, the code tries to call
sym_mfree_dma() on the cp local variable which is still NULL at this point.
Get rid of the meaningless code under the out_free label and, while at it,
get rid of the useless cp variable initializer...
Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.
Signed-off-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
---
The patch is against the for-next branch of Martin Petersen's scsi.git repo.
drivers/scsi/sym53c8xx_2/sym_hipd.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
Index: scsi/drivers/scsi/sym53c8xx_2/sym_hipd.c
===================================================================
--- scsi.orig/drivers/scsi/sym53c8xx_2/sym_hipd.c
+++ scsi/drivers/scsi/sym53c8xx_2/sym_hipd.c
@@ -4862,7 +4862,7 @@ void sym_free_ccb (struct sym_hcb *np, s
*/
static struct sym_ccb *sym_alloc_ccb(struct sym_hcb *np)
{
- struct sym_ccb *cp = NULL;
+ struct sym_ccb *cp;
int hcode;
/*
@@ -4877,7 +4877,7 @@ static struct sym_ccb *sym_alloc_ccb(str
*/
cp = sym_calloc_dma(sizeof(struct sym_ccb), "CCB");
if (!cp)
- goto out_free;
+ return NULL;
/*
* Count it.
@@ -4919,10 +4919,6 @@ static struct sym_ccb *sym_alloc_ccb(str
sym_insque_head(&cp->link2_ccbq, &np->dummy_ccbq);
#endif
return cp;
-out_free:
- if (cp)
- sym_mfree_dma(cp, sizeof(*cp), "CCB");
- return NULL;
}
/*
