From: Dan Carpenter Date: Fri, 26 Aug 2011 16:55:59 +0000 (+0300) Subject: 9p: move dereference after NULL check X-Git-Tag: firefly_0821_release~3680^2~4317^2~4 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=5635fd0ccf4ce90a9ecf8fa48f5f031f5f73e6f5;p=firefly-linux-kernel-4.4.55.git 9p: move dereference after NULL check We dereferenced "req->tc" and "req->rc" before checking for NULL. Signed-off-by: Dan Carpenter Signed-off-by: Aneesh Kumar K.V Signed-off-by: Eric Van Hensbergen --- diff --git a/net/9p/client.c b/net/9p/client.c index 305a4e719b03..9eadadb0a698 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -248,10 +248,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag, int max_size) init_waitqueue_head(req->wq); req->tc = kmalloc(sizeof(struct p9_fcall) + alloc_msize, GFP_NOFS); - req->tc->capacity = alloc_msize; req->rc = kmalloc(sizeof(struct p9_fcall) + alloc_msize, GFP_NOFS); - req->rc->capacity = alloc_msize; if ((!req->tc) || (!req->rc)) { printk(KERN_ERR "Couldn't grow tag array\n"); kfree(req->tc); @@ -261,6 +259,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag, int max_size) req->wq = NULL; return ERR_PTR(-ENOMEM); } + req->tc->capacity = alloc_msize; + req->rc->capacity = alloc_msize; req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall); req->rc->sdata = (char *) req->rc + sizeof(struct p9_fcall); }