[SCSI] pm8001: potential null dereference in pm8001_dev_gone_notify()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In the original code we dereferenced "pm8001_dev" before checking if it
was null. This patch moves the dereference inside the condition.

This was found by a static checker (smatch). I looked, but I couldn't
tell if "pm8001_dev" dev was ever actually null. The approach in this
patch seemed like the safest response.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Jack Wang <jack_wang@usish.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>

authored by

Dan Carpenter and committed by

James Bottomley 16 years ago 2471b894 daa142d1

+3 -1

1 changed file

expand all

drivers

scsi

pm8001

pm8001_sas.c

+3 -1

drivers/scsi/pm8001/pm8001_sas.c

··· 885 885 u32 tag; 886 886 struct pm8001_hba_info *pm8001_ha; 887 887 struct pm8001_device *pm8001_dev = dev->lldd_dev; 888 - u32 device_id = pm8001_dev->device_id; 888 + 889 889 pm8001_ha = pm8001_find_ha_by_dev(dev); 890 890 spin_lock_irqsave(&pm8001_ha->lock, flags); 891 891 pm8001_tag_alloc(pm8001_ha, &tag); 892 892 if (pm8001_dev) { 893 + u32 device_id = pm8001_dev->device_id; 894 + 893 895 PM8001_DISC_DBG(pm8001_ha, 894 896 pm8001_printk("found dev[%d:%x] is gone.\n", 895 897 pm8001_dev->device_id, pm8001_dev->dev_type));