* re: NFC: trf7970a: Handle extra byte in response to Type 5 RMB commands
@ 2015-06-23 13:07 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2015-06-23 13:07 UTC (permalink / raw)
To: mgreer; +Cc: linux-wireless
Hello Mark A. Greer,
This is a semi-automatic email about new static checker warnings.
The patch ab714817d7e8: "NFC: trf7970a: Handle extra byte in response
to Type 5 RMB commands" from Apr 24, 2015, leads to the following
Smatch complaint:
drivers/nfc/trf7970a.c:632 trf7970a_send_upstream()
error: we previously assumed 'trf->rx_skb' could be null (see line 613)
drivers/nfc/trf7970a.c
612
613 if (trf->rx_skb && !IS_ERR(trf->rx_skb) && !trf->aborting)
^^^^^^^^^^^
Check for NULL.
614 print_hex_dump_debug("trf7970a rx data: ", DUMP_PREFIX_NONE,
615 16, 1, trf->rx_skb->data, trf->rx_skb->len,
616 false);
617
618 trf->state = TRF7970A_ST_IDLE;
619
620 if (trf->aborting) {
621 dev_dbg(trf->dev, "Abort process complete\n");
622
623 if (!IS_ERR(trf->rx_skb)) {
624 kfree_skb(trf->rx_skb);
625 trf->rx_skb = ERR_PTR(-ECANCELED);
626 }
627
628 trf->aborting = false;
629 }
630
631 if (trf->adjust_resp_len) {
632 skb_trim(trf->rx_skb, trf->rx_skb->len - 1);
^^^^^^^^^^^
Patch introduces unchecked dereference inside skb_trim().
633 trf->adjust_resp_len = false;
634 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-06-23 13:07 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-06-23 13:07 NFC: trf7970a: Handle extra byte in response to Type 5 RMB commands Dan Carpenter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.