[PATCH] dereference of uninitialized pointer in zatm
From: viro
Date: Fri Sep 02 2005 - 13:47:05 EST
Fixing breakage from [NET]: Kill skb->list - original was
assign vcc
do a bunch of stuff using ZATM_VCC(vcc)->pool as common subexpression
Now we do
int pos = ZATM_VCC(vcc)->pool;
assign vcc
do a bunch of stuff
even though vcc is not even initialized when we enter that block...
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
----
diff -urN RC13-uml-checker/drivers/atm/zatm.c RC13-zatm/drivers/atm/zatm.c
--- RC13-uml-checker/drivers/atm/zatm.c 2005-09-02 03:33:39.000000000 -0400
+++ RC13-zatm/drivers/atm/zatm.c 2005-09-02 03:34:19.000000000 -0400
@@ -417,9 +417,9 @@
chan = (here[3] & uPD98401_AAL5_CHAN) >>
uPD98401_AAL5_CHAN_SHIFT;
if (chan < zatm_dev->chans && zatm_dev->rx_map[chan]) {
- int pos = ZATM_VCC(vcc)->pool;
-
+ int pos;
vcc = zatm_dev->rx_map[chan];
+ pos = ZATM_VCC(vcc)->pool;
if (skb == zatm_dev->last_free[pos])
zatm_dev->last_free[pos] = NULL;
skb_unlink(skb, zatm_dev->pool + pos);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/