NULL Pointer Dereference Question

hi,

Coverity reports a lot of REVERSE_INULL bugs of the following type
(example from drivers/char/synclink.c):

----snip---8<----
2039 	static void mgsl_put_char(struct tty_struct *tty, unsigned char ch)
2040 	{

Event deref_ptr: Directly dereferenced pointer "tty"
Also see events: [check_after_deref]

2041 		struct mgsl_struct *info = (struct mgsl_struct *)tty->driver_data;
2042 		unsigned long flags;
2043 	

At conditional (1): "debug_level >= 3" taking true path

2044 		if ( debug_level >= DEBUG_LEVEL_INFO ) {
2045 			printk( "%s(%d):mgsl_put_char(%d) on %s\n",
2046 				__FILE__,__LINE__,ch,info->device_name);
2047 		}		
2048 		

At conditional (2): "mgsl_paranoia_check != 0" taking false path

2049 		if (mgsl_paranoia_check(info, tty->name, "mgsl_put_char"))
2050 			return;
2051 	

Event check_after_deref: Pointer "tty" dereferenced before NULL check
Also see events: [deref_ptr]

2052 		if (!tty || !info->xmit_buf)
2053 			return;

-----snap--8<---

Are these really an issue? We just read from strange memory locations,
but never write to them as far as I can see. In userspace reading
from address 0 usually segfaults, but I was unable to produce an
oops or bug with a kernel module by doing so. But maybe there are
architectures where we can't read from every memory location and stuff
like this should be fixed in one way or another.

Thanks for pointers
Eric

-- 
 www.cobra-basket.de -- just my stuff

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/
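
The ordering Coverity flags in the excerpt above, modeled in user space next to a reordered version. This is an added example, not code from the original post or from the kernel tree. The struct layouts, XMIT_SIZE, and the function names put_char_flagged and put_char_checked are simplified, hypothetical stand-ins.

```c
/* Added example: user-space model of the REVERSE_INULL pattern.
 * The structs are simplified stand-ins, not the kernel's definitions. */
#include <stddef.h>
#include <stdio.h>
struct mgsl_struct { char device_name[25]; unsigned char *xmit_buf; int xmit_cnt; };
struct tty_struct  { char name[64]; void *driver_data; };
#define XMIT_SIZE 16  /* constructed buffer size for the demo */

/* Order as flagged by the checker: tty is dereferenced first, so the later
 * "!tty" test cannot be true on any path that reaches it. A NULL tty
 * faults (or is undefined behaviour) at the first line; the check is dead. */
int put_char_flagged(struct tty_struct *tty, unsigned char ch)
{
    struct mgsl_struct *info = tty->driver_data;   /* deref_ptr */

    if (!tty || !info->xmit_buf)                   /* check_after_deref */
        return -1;
    if (info->xmit_cnt >= XMIT_SIZE)
        return -1;
    info->xmit_buf[info->xmit_cnt++] = ch;
    return 0;
}

/* Reordered: each pointer is validated before its first dereference. */
int put_char_checked(struct tty_struct *tty, unsigned char ch)
{
    struct mgsl_struct *info;

    if (!tty)
        return -1;
    info = tty->driver_data;
    if (!info || !info->xmit_buf)
        return -1;
    if (info->xmit_cnt >= XMIT_SIZE)
        return -1;
    info->xmit_buf[info->xmit_cnt++] = ch;
    return 0;
}

int main(void)
{
    unsigned char buf[XMIT_SIZE];
    struct mgsl_struct info = { "demo0", buf, 0 };   /* constructed sample */
    struct tty_struct tty = { "ttyDEMO", &info };
    printf("flagged, valid tty: %d\n", put_char_flagged(&tty, 'a'));
    printf("checked, valid tty: %d\n", put_char_checked(&tty, 'b'));
    printf("checked, NULL tty:  %d\n", put_char_checked(NULL, 'c'));
    return 0;
}
```

The flagged version is only ever called with a valid pointer here, since passing NULL to it is exactly the case the misplaced check fails to cover.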


