* re: NFC: trf7970a: Handle extra byte in response to Type 5 RMB commands
@ 2015-06-23 13:07 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2015-06-23 13:07 UTC (permalink / raw)
To: mgreer; +Cc: linux-wireless
Hello Mark A. Greer,
This is a semi-automatic email about new static checker warnings.
The patch ab714817d7e8: "NFC: trf7970a: Handle extra byte in response
to Type 5 RMB commands" from Apr 24, 2015, leads to the following
Smatch complaint:
drivers/nfc/trf7970a.c:632 trf7970a_send_upstream()
error: we previously assumed 'trf->rx_skb' could be null (see line 613)
drivers/nfc/trf7970a.c
612
613 if (trf->rx_skb && !IS_ERR(trf->rx_skb) && !trf->aborting)
^^^^^^^^^^^
Check for NULL.
614 print_hex_dump_debug("trf7970a rx data: ", DUMP_PREFIX_NONE,
615 16, 1, trf->rx_skb->data, trf->rx_skb->len,
616 false);
617
618 trf->state = TRF7970A_ST_IDLE;
619
620 if (trf->aborting) {
621 dev_dbg(trf->dev, "Abort process complete\n");
622
623 if (!IS_ERR(trf->rx_skb)) {
624 kfree_skb(trf->rx_skb);
625 trf->rx_skb = ERR_PTR(-ECANCELED);
626 }
627
628 trf->aborting = false;
629 }
630
631 if (trf->adjust_resp_len) {
632 skb_trim(trf->rx_skb, trf->rx_skb->len - 1);
^^^^^^^^^^^
Patch introduces unchecked dereference inside skb_trim().
633 trf->adjust_resp_len = false;
634 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-06-23 13:07 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-06-23 13:07 NFC: trf7970a: Handle extra byte in response to Type 5 RMB commands Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).