This change is similar to 2e7dd34d11cb ('ptrlist: reading deleted items
in NEXT_PTR_LIST()'). If we use DELETE_CURRENT_PTR() then we can end up
with a list->nr that is zero meaning that we have to go back another
list->prev to find what we want. Otherwise we dereference 0xf0f0f0f0
and crash.
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
ptrlist.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ptrlist.h b/ptrlist.h
index 61e159f..6f90c8f 100644
--- a/ptrlist.h
+++ b/ptrlist.h
@@ -78,6 +78,8 @@ static inline void *last_ptr_list(struct ptr_list *list)
if (!list)
return NULL;
list = list->prev;
+ while (list->nr == 0)
+ list = list->prev;
return PTR_ENTRY(list, list->nr-1);
}
--
2.8.1
--
To unsubscribe from this list: send the line "unsubscribe linux-sparse" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
