Re: [linux-usb-devel] drivers/usb/gadget/ether.c: NULL dereference

[Adrian Bunk]

On Sat, Nov 11, 2006 at 10:35:48PM -0800, David Brownell wrote:
> On Saturday 11 November 2006 8:06 am, Adrian Bunk wrote:
> > The Coverity checker spotted the following NULL dereference of "skb" in 
> > drivers/usb/gadget/ether.c:
> 
> I don't see such a dereference.  As usual, free(NULL) is legit.
>...


void dev_kfree_skb_any(struct sk_buff *skb)
{
        if (in_irq() || irqs_disabled())
                dev_kfree_skb_irq(skb);
        else
                dev_kfree_skb(skb);
}


And the first thing dev_kfree_skb_irq() does is to dereference skb...


> > <--  snip  -->
> > 
> > ...
> > static int
> > rx_submit (struct eth_dev *dev, struct usb_request *req, gfp_t gfp_flags)
> > {
> >         struct sk_buff          *skb;
> >         int                     retval = -ENOMEM;
> > ...
> >         if ((skb = alloc_skb (size + NET_IP_ALIGN, gfp_flags)) == 0) {
> >                 DEBUG (dev, "no rx skb\n");
> >                 goto enomem;
> >         }
> > ...
> > enomem:
> >                 defer_kevent (dev, WORK_RX_MEMORY);
> >         if (retval) {
> >                 DEBUG (dev, "rx submit --> %d\n", retval);
> >                 dev_kfree_skb_any (skb);
> > ...
> > 
> > <--  snip  -->
> > 
> > cu
> > Adrian
> > 

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/