From: Eric Sesterhenn Date: Mon, 26 Jun 2006 06:41:15 +0000 (-0700) Subject: [TIPC] Fix for NULL pointer dereference X-Git-Tag: firefly_0821_release~34991^2~33 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=3ac90216abc7d39e694533aec2805efeb06bf8ac;p=firefly-linux-kernel-4.4.55.git [TIPC] Fix for NULL pointer dereference This fixes a bug spotted by the coverity checker, bug id #366. If (mod(seqno - prev) != 1) we set buf to NULL, dereference it in the for case, and set it to whatever value happes to be at adress 0+next, if it happens to be non-zero, we even stay in the loop. It seems that the author intended to break there. Signed-off-by: Eric Sesterhenn Signed-off-by: Per Liden Signed-off-by: David S. Miller --- diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index 00691b7c35f8..44645f56377e 100644 --- a/net/tipc/bcast.c +++ b/net/tipc/bcast.c @@ -349,8 +349,10 @@ static void tipc_bclink_peek_nack(u32 dest, u32 sender_tag, u32 gap_after, u32 g for (; buf; buf = buf->next) { u32 seqno = buf_seqno(buf); - if (mod(seqno - prev) != 1) + if (mod(seqno - prev) != 1) { buf = NULL; + break; + } if (seqno == gap_after) break; prev = seqno;