* re: ipc: cleanup do_msgrcv() aroung MSG_COPY feature
From: Dan Carpenter @ 2012-11-05 11:21 UTC
To: kernel-janitors

Hello Stanislav Kinsbursky,

This is a semi-automatic email about new static checker warnings.

The patch 6645154dd758: "ipc: cleanup do_msgrcv() aroung MSG_COPY
feature" from Nov 3, 2012, leads to the following Smatch complaint:

ipc/msg.c:878 do_msgrcv()
	 error: we previously assumed 'msg' could be null (see line 865)

ipc/msg.c
   861             } else if (msgflg & MSG_COPY) {
   862                 msg = fill_copy(copy_number,
   863                                 msg_counter,
   864                                 walk_msg, copy);
   865                 if (msg)
                           ^^^^
New check.  fill_copy() either returns an error pointer, a valid pointer
or NULL.

   866                     break;
   867             } else
   868                 break;
   869             msg_counter++;
   870         }
   871         tmp = tmp->next;
   872     }
   873     if (!IS_ERR(msg)) {
   874         /*
   875          * Found a suitable message.
   876          * Unlink it from the queue.
   877          */
   878         if ((bufsz < msg->m_ts) && !(msgflg & MSG_NOERROR)) {
                            ^^^^^
Old dereference.

   879             msg = ERR_PTR(-E2BIG);
   880             goto out_unlock;

regards,
dan carpenter
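
Added example, not part of the original message and not kernel source: a userspace model of the error-pointer convention showing why a NULL return passes an `!IS_ERR()` guard like the one at line 873. The `lookup()` helper, the `sample` message and the `-ENOMSG` return for NULL are assumptions made for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static inline long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static inline int IS_ERR(const void *p)
{
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct msg { size_t m_ts; };
static struct msg sample = { .m_ts = 128 };	/* constructed sample */

/* Hypothetical helper with the three outcomes the report lists. */
enum outcome { OUT_ERR, OUT_VALID, OUT_NULL };
static struct msg *lookup(enum outcome o)
{
	if (o == OUT_ERR)
		return ERR_PTR(-EINVAL);
	return o == OUT_VALID ? &sample : NULL;
}

/* Flagged pattern: IS_ERR() is the only guard. Returns 1 when the code
 * would go on to read msg->m_ts (the read itself is not performed here). */
static int unguarded_would_deref(const struct msg *msg)
{
	return !IS_ERR(msg);
}

/* Guard that handles NULL too. -ENOMSG for NULL is this example's choice. */
static long checked_size(const struct msg *msg, size_t bufsz)
{
	if (!msg)
		return -ENOMSG;
	if (IS_ERR(msg))
		return PTR_ERR(msg);
	return bufsz < msg->m_ts ? -E2BIG : 0;
}

int main(void)
{
	printf("NULL passes !IS_ERR(): %d\n", unguarded_would_deref(lookup(OUT_NULL)));
	printf("checked NULL: %ld\n", checked_size(lookup(OUT_NULL), 64));
	return 0;
}
```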