On Sat, May 04, 2013 at 08:25:18PM +0300, Arto Jonsson wrote:
> Spotted by LLVM static analyser.
>
> In /usr/src/sys/dev/ic/ami.c line 499 ami_freemem(sc, am) is called. In
> the next block ami_alloc_ccbs(...) is called. If the result != 0 control
> jumps to free_mbox in line 614. This falls through to call
> ami_freemem(sc, am) again.
>
Is LLMV happy with this diff?
.... Ken
Index: ami.c
===================================================================
RCS file: /cvs/src/sys/dev/ic/ami.c,v
retrieving revision 1.223
diff -u -p -r1.223 ami.c
--- ami.c 9 Jan 2012 18:50:44 -0000 1.223
+++ ami.c 4 May 2013 23:02:16 -0000
@@ -497,6 +497,7 @@ ami_attach(struct ami_softc *sc)
}
ami_freemem(sc, am);
+ am = NULL;
if (ami_alloc_ccbs(sc, AMI_MAXCMDS + 1) != 0) {
/* error already printed */
@@ -614,7 +615,8 @@ ami_attach(struct ami_softc *sc)
free_mbox:
ami_freemem(sc, sc->sc_mbox_am);
free_idata:
- ami_freemem(sc, am);
+ if (am)
+ ami_freemem(sc, am);
return (1);
}
