From: Julia Lawall Date: Mon, 12 May 2008 13:38:26 +0000 (+0200) Subject: drivers/net/fs_enet: remove null pointer dereference X-Git-Tag: v2.6.26-rc4~7^2~1^2~7 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ecc8c066f3cecb55807644a01435084d8ed638a;p=linux-2.6 drivers/net/fs_enet: remove null pointer dereference The following code appears in the function fs_init_instance in the file drivers/net/fs_enet/fs_enet-main.c. if (fep->ops == NULL) { printk(KERN_ERR DRV_MODULE_NAME ": %s No matching ops found (%d).\n", ndev->name, fpi->fs_no); err = -EINVAL; goto err; } This code implies that at the point of err, fep->ops can be NULL, so an extra test is needed before dereferencing this value. This problem was found using the following semantic match (http://www.emn.fr/x-info/coccinelle/) // @@ expression E, E1; identifier f; statement S1,S2,S3; @@ * if (E == NULL) { ... when != if (E == NULL) S1 else S2 when != E = E1 * E->f ... when any return ...; } else S3 // Signed-off-by: Julia Lawall Signed-off-by: Jeff Garzik --- diff --git a/drivers/net/fs_enet/fs_enet-main.c b/drivers/net/fs_enet/fs_enet-main.c index 67b4b0728f..a5baaf59ff 100644 --- a/drivers/net/fs_enet/fs_enet-main.c +++ b/drivers/net/fs_enet/fs_enet-main.c @@ -1093,7 +1093,7 @@ err: if (registered) unregister_netdev(ndev); - if (fep != NULL) { + if (fep && fep->ops) { (*fep->ops->free_bd)(ndev); (*fep->ops->cleanup_data)(ndev); }