On 28-05-21, 01:39, Fabio M. De Francesco wrote:
> Coccinelle detected that fw is NULL but dereferenced.
>
> static int gb_bootrom_get_firmware(struct gb_operation *op)
> {
>     /* lines of code */
>     if (!fw) {
>         dev_err(dev, "%s: firmware not available\n", __func__);
>         ret = -EINVAL;

ret is set here.

>         goto unlock;
>     }
>     /* lines of code */
> unlock:
> unlock:
>     mutex_unlock(&bootrom->mutex);
>
> queue_work:
>     /* Refresh timeout */
>     if (!ret && (offset + size == fw->size)) <--- here

Since we are checking for !ret here, we will never access fw and this is a bug
in the tool and not the code here.

>         next_request = NEXT_REQ_READY_TO_BOOT;
>     /* lines of code */
> }
>
> I really don't know if the following change may break something else:
>
>     if(!ret && fw && (offset + size == fw->size))
>         next_request = NEXT_REQ_READY_TO_BOOT;
>
> So, I'll leave the problem to the maintainers or to other people who know how
> the driver is supposed to manage fw == NULL.
>
> Thanks,
>
> Fabio

--
viresh
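
Added example, not part of the original message or the driver source: a minimal C model of the quoted control flow, showing that with `fw == NULL` the `!ret &&` guard short-circuits before `fw->size` is read. `fw_model`, `get_firmware_model` and `NEXT_REQ_OTHER` are hypothetical names, the enum values are assumed, and the model assumes the `!fw` branch is the only way to reach the final check with a NULL `fw`.

```c
#include <errno.h>
#include <stddef.h>

/* Stand-in for struct firmware; only the field the final check reads. */
struct fw_model { size_t size; };

/* NEXT_REQ_READY_TO_BOOT is named in the quoted code; NEXT_REQ_OTHER and
 * both numeric values are assumptions made for this model. */
enum next_req { NEXT_REQ_OTHER = 0, NEXT_REQ_READY_TO_BOOT = 1 };

/*
 * Model of the quoted control flow: the NULL check sets ret before jumping
 * to the exit path, and the exit path tests !ret before reading fw->size.
 */
static int get_firmware_model(const struct fw_model *fw, size_t offset,
                              size_t size, enum next_req *next_request)
{
    int ret = 0;

    *next_request = NEXT_REQ_OTHER;
    if (!fw) {
        ret = -EINVAL;          /* the assignment the reply points at */
        goto unlock;
    }
    /* the elided request handling would run here */
unlock:
    /* && short-circuits: fw->size is evaluated only when ret == 0, and in
     * this model ret == 0 implies the !fw branch was not taken. */
    if (!ret && (offset + size == fw->size))
        *next_request = NEXT_REQ_READY_TO_BOOT;
    return ret;
}

int main(void)
{
    enum next_req nr;

    /* NULL firmware: returns -EINVAL without touching fw->size. */
    return get_firmware_model(NULL, 0, 16, &nr) == -EINVAL ? 0 : 1;
}
```

A static checker that tracks `fw` but not the correlation between `fw` and `ret` sees a NULL pointer reaching `fw->size` and reports it, even though the path is infeasible.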