luck/tmp_suning_uos_patched
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

orinoco_usb: potential null dereference

Browse Source 
Smatch complains that "upriv->read_urb" gets dereferenced before
checking for NULL.  It turns out that it's possible for
"upriv->read_urb" to be NULL so I added checks around the dereferences.

Also I remove an "if (upriv->bap_buf != NULL)" check because
"kfree(NULL) is OK.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Dan Carpenter 2010-07-15 10:23:10 +02:00 committed by John W. Linville
parent 9171acc7e0
commit 48d5548fc5
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
drivers/net/wireless/orinoco/orinoco_usb.c
View File

@ -1502,16 +1502,16 @@ static inline void ezusb_delete(struct ezusb_priv *upriv)
ezusb_ctx_complete(list_entry(item,
struct request_context, list));
if (upriv->read_urb->status == -EINPROGRESS)
if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
printk(KERN_ERR PFX "Some URB in progress\n");
mutex_unlock(&upriv->mtx);
kfree(upriv->read_urb->transfer_buffer);
if (upriv->bap_buf != NULL)
kfree(upriv->bap_buf);
if (upriv->read_urb != NULL)
if (upriv->read_urb) {
kfree(upriv->read_urb->transfer_buffer);
usb_free_urb(upriv->read_urb);
}
kfree(upriv->bap_buf);
if (upriv->dev) {
struct orinoco_private *priv = ndev_priv(upriv->dev);
orinoco_if_del(priv);