On Sun, 29 Jul 2007, Domen Puncer wrote:

On 29/07/07 00:02 +0200, Jesper Juhl wrote:

quoted

Hi,

Here's a small patch, prompted by a find by the Coverity checker, 
that removes a potential NULL pointer dereference from 
drivers/net/sb1000.c::sb1000_dev_ioctl().
The checker spotted that we do a NULL test of 'dev', yet we 
dereference the pointer prior to that check.
This patch simply moves the dereference after the NULL test.

But... it can't be called without a valid 'dev', no?
A quick 'grep do_ioctl net/' confirms that all calls are in
the form of 'dev->do_ioctl(dev, ...'.

Yup, I think so too ...

quoted

@@ -991,11 +991,13 @@ static int sb1000_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 	short PID[4];
 	int ioaddr[2], status, frequency;
 	unsigned int stats[5];
-	struct sb1000_private *lp = netdev_priv(dev);
+	struct sb1000_private *lp;
 
 	if (!(dev && dev->flags & IFF_UP))
 		return -ENODEV;

I think we could get rid of the !dev check itself. Actually, the IFF_UP
check /also/ looks suspect to me for two reasons: (1) I remember Stephen
Hemminger once telling me dev->flags is legacy and unsafe, and one of
the netif_xxx() functions be used instead, and, (2) I wonder if we really
require the interface to be up and *running* when we do this ioctl.


Satyam