Hi,
Coverty complains that we check top == NULL and further down in
m_getuio() we access top->m_pkthdr.len without check. See CID
1452933.
In fact top cannot be NULL there. top is initialized with NULL and
nextp is set to &top. m is allocated with M_WAIT, so it is not
NULL. When the loop is traversed for the first time, m is assigned
to *nextp, so top is not NULL anymore.
That means that the top == NULL check is wrong as it is always true.
We reserve some space in every mbuf and not only at the beginning
of the chain. The correct check wheter we are at the first mbuf
would be m == top.
ok?
bluhm
Index: kern/uipc_socket.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/kern/uipc_socket.c,v
retrieving revision 1.203
diff -u -p -r1.203 uipc_socket.c
--- kern/uipc_socket.c 1 Sep 2017 15:05:31 -0000 1.203
+++ kern/uipc_socket.c 7 Sep 2017 20:53:23 -0000
@@ -540,7 +540,7 @@ m_getuio(struct mbuf **mp, int atomic, l
* For datagram protocols, leave room
* for protocol headers in first mbuf.
*/
- if (atomic && top == NULL && len < mlen - max_hdr)
+ if (atomic && m == top && len < mlen - max_hdr)
m->m_data += max_hdr;
} else {
nopages:
@@ -549,7 +549,7 @@ nopages:
* For datagram protocols, leave room
* for protocol headers in first mbuf.
*/
- if (atomic && top == NULL && len < mlen - max_hdr)
+ if (atomic && m == top && len < mlen - max_hdr)
MH_ALIGN(m, len);
}
