On Tue, Mar 01, 2016 at 01:48:14AM +0300, Dan Carpenter wrote:
> Hello Varun Prakash,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch c49aa56e556d: "cxgbit: add cxgbit_ddp.c" from Feb 14, 2016,
> leads to the following Smatch complaint:
>
> drivers/target/iscsi/cxgbit/cxgbit_ddp.c:83 cxgbit_set_one_ppod()
> error: we previously assumed 'sg' could be null (see line 50)
>
> drivers/target/iscsi/cxgbit/cxgbit_ddp.c
> 37 static void cxgbit_set_one_ppod(struct cxgbi_pagepod *ppod,
> 38 struct cxgbi_task_tag_info *ttinfo,
> 39 struct scatterlist **sg_pp,
> 40 unsigned int *sg_off)
> 41 {
> 42 struct scatterlist *sg = sg_pp ? *sg_pp : NULL;
> 43 unsigned int offset = sg_off ? *sg_off : 0;
> 44 dma_addr_t addr = 0UL;
> 45 unsigned int len = 0;
> 46 int i;
> 47
> 48 memcpy(ppod, &ttinfo->hdr, sizeof(struct cxgbi_pagepod_hdr));
> 49
> 50 if (sg) {
> ^^
> Check for NULL.
>
> 51 addr = sg_dma_address(sg);
> 52 len = sg_dma_len(sg);
> 53 }
> 54
> 55 for (i = 0; i < PPOD_PAGES_MAX; i++) {
> 56 if (sg) {
> 57 ppod->addr[i] = cpu_to_be64(addr + offset);
> 58 offset += PAGE_SIZE;
> 59 if (offset == (len + sg->offset)) {
> 60 offset = 0;
> 61 sg = sg_next(sg);
> 62 if (sg) {
> 63 addr = sg_dma_address(sg);
> 64 len = sg_dma_len(sg);
> 65 }
> 66 }
> 67 } else {
> 68 ppod->addr[i] = 0ULL;
> 69 }
> 70 }
> 71
> 72 /*
> 73 * the fifth address needs to be repeated in the next ppod, so do
> 74 * not move sg
> 75 */
> 76 if (sg_pp) {
>
> Presumably if we check for sg_pp then it means that sg_off will be
> non-NULL as well.
>
> 77 *sg_pp = sg;
> 78 *sg_off = offset;
> 79 }
> 80
> 81 if (offset == len) {
> 82 offset = 0;
> 83 sg = sg_next(sg);
> ^^^^^^^^^^
> Dereferenced inside function call.
Yes, I will add a check for NULL before derefencing sg, thanks.
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
