Message ID | 20110826165559.GE3775@shale.localdomain |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
Headers | show |
On Fri, 26 Aug 2011 19:55:59 +0300, Dan Carpenter <error27@gmail.com> wrote: > We dereferenced "req->tc" and "req->rc" before checking for NULL. > > Signed-off-by: Dan Carpenter <error27@gmail.com> > > diff --git a/net/9p/client.c b/net/9p/client.c > index 3f8c046..b0bcace 100644 > --- a/net/9p/client.c > +++ b/net/9p/client.c > @@ -248,10 +248,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag, int max_size) > init_waitqueue_head(req->wq); > req->tc = kmalloc(sizeof(struct p9_fcall) + alloc_msize, > GFP_NOFS); > - req->tc->capacity = alloc_msize; > req->rc = kmalloc(sizeof(struct p9_fcall) + alloc_msize, > GFP_NOFS); > - req->rc->capacity = alloc_msize; > if ((!req->tc) || (!req->rc)) { > printk(KERN_ERR "Couldn't grow tag array\n"); > kfree(req->tc); > @@ -261,6 +259,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag, int max_size) > req->wq = NULL; > return ERR_PTR(-ENOMEM); > } > + req->tc->capacity = alloc_msize; > + req->rc->capacity = alloc_msize; > req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall); > req->rc->sdata = (char *) req->rc + sizeof(struct p9_fcall); > } Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> -aneesh -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 08/26/2011 09:55 AM, Dan Carpenter wrote: > We dereferenced "req->tc" and "req->rc" before checking for NULL. > > Signed-off-by: Dan Carpenter<error27@gmail.com> Reviewed-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> > > diff --git a/net/9p/client.c b/net/9p/client.c > index 3f8c046..b0bcace 100644 > --- a/net/9p/client.c > +++ b/net/9p/client.c > @@ -248,10 +248,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag, int max_size) > init_waitqueue_head(req->wq); > req->tc = kmalloc(sizeof(struct p9_fcall) + alloc_msize, > GFP_NOFS); > - req->tc->capacity = alloc_msize; > req->rc = kmalloc(sizeof(struct p9_fcall) + alloc_msize, > GFP_NOFS); > - req->rc->capacity = alloc_msize; > if ((!req->tc) || (!req->rc)) { > printk(KERN_ERR "Couldn't grow tag array\n"); > kfree(req->tc); > @@ -261,6 +259,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag, int max_size) > req->wq = NULL; > return ERR_PTR(-ENOMEM); > } > + req->tc->capacity = alloc_msize; > + req->rc->capacity = alloc_msize; > req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall); > req->rc->sdata = (char *) req->rc + sizeof(struct p9_fcall); > } -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/9p/client.c b/net/9p/client.c index 3f8c046..b0bcace 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -248,10 +248,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag, int max_size) init_waitqueue_head(req->wq); req->tc = kmalloc(sizeof(struct p9_fcall) + alloc_msize, GFP_NOFS); - req->tc->capacity = alloc_msize; req->rc = kmalloc(sizeof(struct p9_fcall) + alloc_msize, GFP_NOFS); - req->rc->capacity = alloc_msize; if ((!req->tc) || (!req->rc)) { printk(KERN_ERR "Couldn't grow tag array\n"); kfree(req->tc); @@ -261,6 +259,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag, int max_size) req->wq = NULL; return ERR_PTR(-ENOMEM); } + req->tc->capacity = alloc_msize; + req->rc->capacity = alloc_msize; req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall); req->rc->sdata = (char *) req->rc + sizeof(struct p9_fcall); }
We dereferenced "req->tc" and "req->rc" before checking for NULL. Signed-off-by: Dan Carpenter <error27@gmail.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html