From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:57387)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jan.kiszka@siemens.com>) id 1T9D8z-0006Yr-9P
	for qemu-devel@nongnu.org; Wed, 05 Sep 2012 06:47:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jan.kiszka@siemens.com>) id 1T9D8y-0008QT-0m
	for qemu-devel@nongnu.org; Wed, 05 Sep 2012 06:47:37 -0400
Message-ID: <50472DC5.50402@siemens.com>
Date: Wed, 05 Sep 2012 12:47:33 +0200
From: Jan Kiszka <jan.kiszka@siemens.com>
MIME-Version: 1.0
References: <1346793636-23689-1-git-send-email-sw@weilnetz.de>
	<1346793636-23689-3-git-send-email-sw@weilnetz.de>
In-Reply-To: <1346793636-23689-3-git-send-email-sw@weilnetz.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 2/2] slirp: Fix error reported by static
	code analysis
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Weil <sw@weilnetz.de>
Cc: "peter.maydell@linaro.org" <peter.maydell@linaro.org>, "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>, qemu-stable <qemu-stable@nongnu.org>

On 2012-09-04 23:20, Stefan Weil wrote:
> Report from smatch:
> 
> slirp/tcp_subr.c:127 tcp_respond(17) error:
>  we previously assumed 'tp' could be null (see line 124)
> 
> Return if 'tp' is NULL.
> 
> Signed-off-by: Stefan Weil <sw@weilnetz.de>
> ---
>  slirp/tcp_subr.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
> index 5890d7a..1542e43 100644
> --- a/slirp/tcp_subr.c
> +++ b/slirp/tcp_subr.c
> @@ -124,7 +124,7 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct mbuf *m,
>  	if (tp)
>  		win = sbspace(&tp->t_socket->so_rcv);
>          if (m == NULL) {
> -		if ((m = m_get(tp->t_socket->slirp)) == NULL)
> +		if (!tp || (m = m_get(tp->t_socket->slirp)) == NULL)
>  			return;
>  		tlen = 0;
>  		m->m_data += IF_MAXLINKHDR;
> 

I suppose this is also stable material, therefore extending CC.

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux