From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Carpenter Subject: re: drm/i2c: tda998x: use irq for connection status and EDID read Date: Mon, 7 Jul 2014 17:22:03 +0300 Message-ID: <20140707142203.GA13469@mwanda> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by gabe.freedesktop.org (Postfix) with ESMTP id 8D5B56E397 for ; Mon, 7 Jul 2014 07:22:07 -0700 (PDT) Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" To: moinejf@free.fr Cc: dri-devel@lists.freedesktop.org List-Id: dri-devel@lists.freedesktop.org Hello Jean-Francois Moine, The patch 12473b7d8e60: "drm/i2c: tda998x: use irq for connection status and EDID read" from Jan 25, 2014, leads to the following static checker warning: drivers/gpu/drm/i2c/tda998x_drv.c:1199 tda998x_encoder_destroy() warn: variable dereferenced before check 'priv->cec' (see line 1194) drivers/gpu/drm/i2c/tda998x_drv.c 1188 static void 1189 tda998x_encoder_destroy(struct drm_encoder *encoder) 1190 { 1191 struct tda998x_priv *priv = to_tda998x_priv(encoder); 1192 1193 /* disable all IRQs and free the IRQ handler */ 1194 cec_write(priv, REG_CEC_RXSHPDINTENA, 0); ^^^^^^^^^^^^^^ We dereference priv->cec inside the call to cec_write(). 1195 reg_clear(priv, REG_INT_FLAGS_2, INT_FLAGS_2_EDID_BLK_RD); 1196 if (priv->hdmi->irq) 1197 free_irq(priv->hdmi->irq, priv); 1198 1199 if (priv->cec) ^^^^^^^^^ But later in the function we assume that ->cec can be NULL. 1200 i2c_unregister_device(priv->cec); 1201 drm_i2c_encoder_destroy(encoder); 1202 kfree(priv); 1203 } regards, dan carpenter