Hi,
"Gustavo A. R. Silva" <garsilva@xxxxxxxxxxxxxx> writes:
> Hello everybody,
>
> While looking into Coverity ID 145958 I ran into the following piece
> of code at drivers/usb/gadget/udc/amd5536udc.c:852:
>
> } else if (i == buf_len) {
> /* first td */
> td = (struct udc_data_dma *)phys_to_virt(
> req->td_data->next);
> td->status = 0;
> } else {
> td = (struct udc_data_dma *)phys_to_virt(last->next);
> td->status = 0;
> }
>
> if (td)
> td->bufptr = req->req.dma + i; /* assign buffer */
> else
> break;
>
> The issue here is that _td_ pointer is being dereferenced before null check.
>
> After searching for calls to phys_to_virt() function, I've noticed
> that is not common at all to test the returned address value.
>
> So either the null check at line 862 is not needed or a null check
> before each td->status = 0; needs to be added.
just remove the previous null check
--
balbi
Attachment:
signature.asc
Description: PGP signature
