Thread (3 messages), 3 authors, 2007-05-20

Re: [PATCH] libertas: skb dereferenced after netif_rx

From: Dan Williams <hidden>
Date: 2007-05-20 00:54:14
Also in: linux-wireless

On Fri, 2007-05-18 at 14:09 -0400, John W. Linville wrote:
> On Wed, May 16, 2007 at 05:01:27PM -0400, Florin Malita wrote:
> > In libertas_process_rxed_packet() and process_rxed_802_11_packet() the
> > skb is dereferenced after being passed to netif_rx (called from
> > libertas_upload_rx_packet). Spotted by Coverity (1658, 1659).
>
> Relocating the libertas_upload_rx_packet call is fine, but...
>
> > Also, libertas_upload_rx_packet() unconditionally returns 0 so the error
> > check is dead code - might as well take it out.
>
> Is this merely an implementation detail?  Or an absolute fact?
> If the former is true, then we should preserve the error
> checking.  If the latter, then we should change the signature of
> libertas_upload_rx_packet to return void.

According to the comments, netif_rx always succeeds.  I think we should
just change the return type to void since there's nothing else in that
function that can fail.

Dan

> > Signed-off-by: Florin Malita <redacted>
	lbs_pr_debug(1, "RX Data: size of actual packet = %d\n", skb->len);
-	if (libertas_upload_rx_packet(priv, skb)) {
-		lbs_pr_debug(1, "RX error: libertas_upload_rx_packet"
-		       " returns failure\n");
-		ret = -1;
-		goto done;
-	}
	priv->stats.rx_bytes += skb->len;
	priv->stats.rx_packets++;

+	libertas_upload_rx_packet(priv, skb);
+
	ret = 0;
done:
	LEAVE();
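
Review bot: the relocated call `libertas_upload_rx_packet(priv, skb);` at the end of the hunk now drops the function's int return value, and nothing at the call site says why the call has to come last. If the function really cannot fail, as the patch description states, change its signature to return void in the same patch so the ignored result is not mistaken for a missed error check. A one-line comment above the call, noting that skb is handed to netif_rx there and must not be touched afterwards, would keep a later stats or debug line that reads skb->len from being added below it. With the `goto done` branch removed, the `ret = 0;` before `done:` is also redundant if ret is already initialized at its declaration.
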
> Another potential patch is to remove the "ret = 0" line before the
> "done" label, since ret is initialized at the head of the function.
> Come to think of it, you can probably remove the "= 0" part of ret's
> declaration as well (in both functions).
>
> Hth!
>
> John
>
> P.S.  Also, please make sure to send wireless patches to
> linux-wireless@vger.kernel.org and CC me.