From: Julia Lawall Date: Thu, 27 May 2010 16:10:08 +0000 (+0200) Subject: USB: host: Eliminate NULL dereference X-Git-Tag: v3.0~3872^2~131 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dc6eb27bdd3d214568f7d77a317c202c10222511;p=platform%2Fkernel%2Flinux-amlogic.git USB: host: Eliminate NULL dereference The test above allows std to be NULL, so check that std is not NULL before doing the dereference. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E,E1; identifier f; statement S1,S2,S3; @@ if ((E == NULL && ...) || ...) { ... when != if (...) S1 else S2 when != E = E1 * E->f ... when any } else S3 // Signed-off-by: Julia Lawall Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/host/whci/qset.c b/drivers/usb/host/whci/qset.c index ab5a14f..dc0ab83 100644 --- a/drivers/usb/host/whci/qset.c +++ b/drivers/usb/host/whci/qset.c @@ -475,7 +475,7 @@ static int qset_add_urb_sg(struct whc *whc, struct whc_qset *qset, struct urb *u || (prev_end & (WHCI_PAGE_SIZE-1)) || (dma_addr & (WHCI_PAGE_SIZE-1)) || std->len + WHCI_PAGE_SIZE > QTD_MAX_XFER_SIZE) { - if (std->len % qset->max_packet != 0) + if (std && std->len % qset->max_packet != 0) return -EINVAL; std = qset_new_std(whc, qset, urb, mem_flags); if (std == NULL) {