Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

USB: host: Eliminate NULL dereference

The test above allows std to be NULL, so check that std is not NULL before
doing the dereference.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@r exists@
expression E,E1;
identifier f;
statement S1,S2,S3;
@@

if ((E == NULL && ...) || ...)
{
  ... when != if (...) S1 else S2
      when != E = E1
* E->f
  ... when any
}
else S3
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Authored by Julia Lawall and committed by Greg Kroah-Hartman
dc6eb27b 6e1c3b46

+1 -1
drivers/usb/host/whci/qset.c
··· 475 475 || (prev_end & (WHCI_PAGE_SIZE-1)) 476 476 || (dma_addr & (WHCI_PAGE_SIZE-1)) 477 477 || std->len + WHCI_PAGE_SIZE > QTD_MAX_XFER_SIZE) { 478 - if (std->len % qset->max_packet != 0) 478 + if (std && std->len % qset->max_packet != 0) 479 479 return -EINVAL; 480 480 std = qset_new_std(whc, qset, urb, mem_flags); 481 481 if (std == NULL) {
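
Review bot: The `std->len + WHCI_PAGE_SIZE > QTD_MAX_XFER_SIZE` term at line 477 still dereferences std inside the same condition that the commit message says admits a NULL std, so it is safe only if the NULL test sits earlier in the `||` chain and short-circuits; that test is above the visible context, so please confirm the ordering. At line 478 the new `std &&` guard means a NULL std skips the max_packet alignment check and goes straight to qset_new_std(), which looks intended, but a one-line comment saying when std is NULL at this point would help keep a later edit from reintroducing the unguarded dereference.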