> -----Original Message-----
> From: Stephen Hemminger [mailto:step...@networkplumber.org]
> Sent: Monday, July 15, 2019 12:06 PM
> To: Zhang, Xiao <xiao.zh...@intel.com>
> Cc: dev@dpdk.org; Zhang, Qi Z <qi.z.zh...@intel.com>; Wang, Xiao W
> <xiao.w.w...@intel.com>; Xing, Beilei <beilei.x...@intel.com>; Lu, Wenzhuo
> <wenzhuo...@intel.com>; Yang, Qiming <qiming.y...@intel.com>; Ananyev,
> Konstantin <konstantin.anan...@intel.com>; Wu, Jingjing
> <jingjing...@intel.com>
> Subject: Re: [dpdk-dev] [DPDK] drivers/net: fix dereference after null check
> coverity
>
> On Sat, 13 Jul 2019 00:39:47 +0800
> Xiao Zhang <xiao.zh...@intel.com> wrote:
>
> > This patch tries to fix the coverity issues of dereference after null
> > check.
> >
> > Coverity issue: 343452
> > Coverity issue: 343447
> > Coverity issue: 343422
> > Coverity issue: 343416
> > Coverity issue: 343407
> > Coverity issue: 343403
> > Coverity issue: 13245
> >
> > Signed-off-by: Xiao Zhang <xiao.zh...@intel.com>
>
> I think this should be fixed deeper in the vector code.
>
> Example for ixgbe.
>
>
> static inline uint16_t
> reassemble_packets(struct ixgbe_rx_queue *rxq, struct rte_mbuf **rx_bufs,
> uint16_t nb_bufs, uint8_t *split_flags) {
> struct rte_mbuf *pkts[nb_bufs]; /*finished pkts*/
> struct rte_mbuf *start = rxq->pkt_first_seg;
>
> So start is rxq->pkt_first_seg.
>
> But caller has already checked for NULL here.
> It has iterated across the first packets but not updated rxq->first_seg.
Yes, this seems to be a bug but not a coverity issue. I will fix it.
> if (rxq->pkt_first_seg == NULL) {
> /* find the first split flag, and only reassemble then*/
> while (i < nb_bufs && !split_flags[i])
> i++;
> if (i == nb_bufs)
> return nb_bufs;
> }
> return i + reassemble_packets(rxq, &rx_pkts[i], nb_bufs - i,
