[ofa-general] Suspicious code in schedule_nes_timer()
Roland Dreier
rdreier at cisco.com
Sat Nov 1 11:44:13 PDT 2008
schedule_nes_timer() starts as follows. Observe a couple of things:
    int schedule_nes_timer(struct nes_cm_node *cm_node, struct sk_buff *skb,
                           enum nes_timer_type type, int send_retrans,
                           int close_when_complete)
    {
            unsigned long flags;
            struct nes_cm_core *cm_core = cm_node->cm_core;

    >>> cm_node is directly dereferenced here...

            struct nes_timer_entry *new_send;
            int ret = 0;
            u32 was_timer_set;

            if (!cm_node)
                    return -EINVAL;

    >>> and then later tested for NULL...
so if cm_node is NULL, then the code will oops before it hits the return
-EINVAL. It seems that callers must guarantee that cm_node isn't NULL,
so it would make sense to delete the "if (!cm_node)" test, right?
- R.
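As an added illustration (not code from the nes driver or from this message), the following self-contained C program reproduces the ordering problem described above next to the two ways it is usually resolved: move the NULL test ahead of the first dereference, or, if every caller guarantees a non-NULL node, drop the test. The struct names are hypothetical stand-ins for nes_cm_node and nes_cm_core and carry only what the example needs.

```c
/* Added example, not the driver's code. The structs are hypothetical
 * stand-ins for nes_cm_node / nes_cm_core with just enough fields to run. */
#include <stddef.h>
#include <errno.h>

struct cm_core { int timers_scheduled; };
struct cm_node { struct cm_core *cm_core; };

/* Same ordering as the function quoted above: cm_node->cm_core is read
 * in an initializer before cm_node is tested, so a NULL argument faults
 * on the first line and the -EINVAL return is never reached. */
int schedule_timer_check_after_deref(struct cm_node *cm_node)
{
        struct cm_core *cm_core = cm_node->cm_core;   /* dereference first */

        if (!cm_node)
                return -EINVAL;                       /* unreachable when NULL */

        cm_core->timers_scheduled++;
        return 0;
}

/* Resolution 1: keep the test, but do it before touching the pointer,
 * so the error path is actually reachable for a NULL argument. */
int schedule_timer_check_first(struct cm_node *cm_node)
{
        struct cm_core *cm_core;

        if (!cm_node)
                return -EINVAL;

        cm_core = cm_node->cm_core;
        cm_core->timers_scheduled++;
        return 0;
}

/* Resolution 2: the message's suggestion. If callers guarantee a valid
 * node, the dead test is removed and the contract is stated in a comment
 * instead of in unreachable code. Caller must pass a non-NULL cm_node. */
int schedule_timer_no_check(struct cm_node *cm_node)
{
        struct cm_core *cm_core = cm_node->cm_core;

        cm_core->timers_scheduled++;
        return 0;
}

/* Small driver so the block runs stand-alone; returns 1 when the
 * check-first variant rejects NULL and counts a valid node correctly. */
int demo(void)
{
        struct cm_core core = { 0 };
        struct cm_node node = { &core };

        if (schedule_timer_check_first(NULL) != -EINVAL)
                return 0;
        if (schedule_timer_check_first(&node) != 0)
                return 0;
        if (schedule_timer_no_check(&node) != 0)
                return 0;
        return core.timers_scheduled == 2;
}
```

One caveat worth knowing when reviewing this pattern: an optimizing compiler is entitled to treat the dereference as proof that the pointer is non-NULL and silently delete the later `if (!cm_node)` test, which is why the Linux kernel builds with -fno-delete-null-pointer-checks. Either way the test as written provides no protection, so the decision is only whether to move it or remove it.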