smatch stuff: dereferencing first then checking in SendReceive()
Steve French
smfrench at gmail.com
Sat Mar 19 21:20:24 MDT 2011
On Sat, Mar 19, 2011 at 6:28 PM, Dan Carpenter <error27 at gmail.com> wrote:
> Smatch complains about this, but I don't know if it's a bug or not.
>
> fs/cifs/transport.c +791 SendReceive(106)
> warn: variable dereferenced before check 'midQ->resp_buf'
>
> 780 receive_len = be32_to_cpu(midQ->resp_buf->smb_buf_length);
> ^^^^^^^^^^^^^^^^
> dereference
> 781
> 782 if (receive_len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) {
> 783 cERROR(1, "Frame too large received. Length: %d Xid: %d",
> 784 receive_len, xid);
> 785 rc = -EIO;
> 786 goto out;
> 787 }
> 788
> 789 /* rcvd frame is ok */
> 790
> 791 if (midQ->resp_buf && out_buf
> ^^^^^^^^^^^^^^
> checking for null
>
> 792 && (midQ->midState == MID_RESPONSE_RECEIVED)) {
> 793 out_buf->smb_buf_length = cpu_to_be32(receive_len);
>
> regards,
> dan carpenter
Older kernels had the same (midQ->resp_buf == NULL)
check in the same place, and I don't see a way to get there with
midQ->resp_buf == NULL, so the check on line
791 does look like a redundant check.
I will double check.
--
Thanks,
Steve
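For readers following the thread: the point smatch is making is that a null check placed after a dereference is dead either way (the pointer was non-null, so the check is redundant, or it was null and the dereference already faulted). The userspace C below is an added example, not cifs code; it re-creates the receive-length sequence from SendReceive() with the pointer and state checks moved in front of the dereference. The struct layout, MAX_FRAME_LEN and the errno values are constructed for the example.

```c
/* Added example (not fs/cifs/transport.c): the frame-length check from
 * SendReceive(), reordered so resp_buf is validated before it is read. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <arpa/inet.h>

/* Userspace stand-ins for the kernel byte-order helpers. */
#define be32_to_cpu(v) ntohl(v)
#define cpu_to_be32(v) htonl(v)

#define EIO    5
#define EINVAL 22
#define MAX_FRAME_LEN 4096u   /* constructed; stands in for CIFSMaxBufSize + MAX_CIFS_HDR_SIZE */

enum mid_state { MID_REQUEST_SUBMITTED, MID_RESPONSE_RECEIVED };

struct smb_hdr     { uint32_t smb_buf_length; /* big-endian on the wire */ };
struct mid_q_entry { enum mid_state midState; struct smb_hdr *resp_buf; };

/* Hardened ordering: every pointer and state check happens before
 * resp_buf->smb_buf_length is touched, so the later null check that
 * smatch flagged is no longer needed. Returns 0 or -errno. */
int copy_response_length(const struct mid_q_entry *midQ, struct smb_hdr *out_buf)
{
    uint32_t receive_len;

    if (!midQ->resp_buf || !out_buf || midQ->midState != MID_RESPONSE_RECEIVED)
        return -EINVAL;                 /* reject before any dereference */

    receive_len = be32_to_cpu(midQ->resp_buf->smb_buf_length);
    if (receive_len > MAX_FRAME_LEN) {
        fprintf(stderr, "Frame too large received. Length: %u\n", receive_len);
        return -EIO;
    }

    /* rcvd frame is ok */
    out_buf->smb_buf_length = cpu_to_be32(receive_len);
    return 0;
}

int main(void)
{
    struct smb_hdr resp = { cpu_to_be32(100) }, out = { 0 };
    struct mid_q_entry midQ = { MID_RESPONSE_RECEIVED, &resp };
    int rc = copy_response_length(&midQ, &out);
    printf("rc=%d len=%u\n", rc, be32_to_cpu(out.smb_buf_length));
    return rc ? 1 : 0;
}
```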