Hi Felipe, Quoting Felipe Balbi <[email protected]>:
Hi, "Gustavo A. R. Silva" <[email protected]> writes:Hello everybody, While looking into Coverity ID 145958 I ran into the following piece of code at drivers/usb/gadget/udc/amd5536udc.c:852: } else if (i == buf_len) { /* first td */ td = (struct udc_data_dma *)phys_to_virt( req->td_data->next); td->status = 0; } else { td = (struct udc_data_dma *)phys_to_virt(last->next); td->status = 0; } if (td) td->bufptr = req->req.dma + i; /* assign buffer */ else break; The issue here is that _td_ pointer is being dereferenced before null check. After searching for calls to phys_to_virt() function, I've noticed that is not common at all to test the returned address value. So either the null check at line 862 is not needed or a null check before each td->status = 0; needs to be added.just remove the previous null check
I get it. Thanks! -- Gustavo A. R. Silva -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
