smatch stuff: dereferencing first then checking in SendReceive()
Dan Carpenter
error27 at gmail.com
Sat Mar 19 17:28:58 MDT 2011
Smatch complains about this, but I don't know if it's a bug or not.

fs/cifs/transport.c +791 SendReceive(106)
    warn: variable dereferenced before check 'midQ->resp_buf'

   780          receive_len = be32_to_cpu(midQ->resp_buf->smb_buf_length);
                                          ^^^^^^^^^^^^^^^^
                                          dereference
   781
   782          if (receive_len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) {
   783                  cERROR(1, "Frame too large received.  Length: %d  Xid: %d",
   784                          receive_len, xid);
   785                  rc = -EIO;
   786                  goto out;
   787          }
   788
   789          /* rcvd frame is ok */
   790
   791          if (midQ->resp_buf && out_buf
                    ^^^^^^^^^^^^^^
                    checking for null
   792              && (midQ->midState == MID_RESPONSE_RECEIVED)) {
   793                  out_buf->smb_buf_length = cpu_to_be32(receive_len);

regards,
dan carpenter
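
The ordering that the Smatch warning above is about, modeled stand-alone as an added example (not code from the original post or from the kernel): every pointer and state check runs before the first read through `resp_buf`. The struct names, `MAX_FRAME`, the byte-order helpers and the choice to return `-EIO` when no response buffer is present are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed limit standing in for CIFSMaxBufSize + MAX_CIFS_HDR_SIZE. */
#define MAX_FRAME 16384u

enum mid_state { MID_REQUEST_SUBMITTED, MID_RESPONSE_RECEIVED };

/* Hypothetical models of the header and mid entry, not the kernel structs. */
struct smb_hdr_model { uint32_t smb_buf_length; /* stored big-endian */ };
struct mid_model { struct smb_hdr_model *resp_buf; enum mid_state state; };

/* Portable big-endian helpers standing in for be32_to_cpu/cpu_to_be32. */
static uint32_t be32_to_host(uint32_t v)
{
    const unsigned char *p = (const unsigned char *)&v;
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint32_t host_to_be32(uint32_t v)
{
    uint32_t out;
    unsigned char *p = (unsigned char *)&out;
    p[0] = (unsigned char)(v >> 24);
    p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);
    p[3] = (unsigned char)v;
    return out;
}

/* Returns 0 and fills out_buf/len_out, or -EIO without touching them. */
int copy_response_len(const struct mid_model *mid,
                      struct smb_hdr_model *out_buf, uint32_t *len_out)
{
    uint32_t receive_len;

    /* All NULL and state checks come before the first dereference. */
    if (!mid || !mid->resp_buf || !out_buf || !len_out)
        return -EIO;
    if (mid->state != MID_RESPONSE_RECEIVED)
        return -EIO;

    receive_len = be32_to_host(mid->resp_buf->smb_buf_length);
    if (receive_len > MAX_FRAME)
        return -EIO;   /* frame too large */

    out_buf->smb_buf_length = host_to_be32(receive_len);
    *len_out = receive_len;
    return 0;
}
```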