From 48d5548fc5e5ad79ca98a287b67f403834929739 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 15 Jul 2010 10:23:10 +0200 Subject: [PATCH] orinoco_usb: potential null dereference Smatch complains that "upriv->read_urb" gets dereferenced before checking for NULL. It turns out that it's possible for "upriv->read_urb" to be NULL so I added checks around the dereferences. Also I remove an "if (upriv->bap_buf != NULL)" check because "kfree(NULL) is OK. Signed-off-by: Dan Carpenter Signed-off-by: John W. Linville --- drivers/net/wireless/orinoco/orinoco_usb.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/orinoco/orinoco_usb.c b/drivers/net/wireless/orinoco/orinoco_usb.c index 020da76c9558..b7864001e7e1 100644 --- a/drivers/net/wireless/orinoco/orinoco_usb.c +++ b/drivers/net/wireless/orinoco/orinoco_usb.c @@ -1502,16 +1502,16 @@ static inline void ezusb_delete(struct ezusb_priv *upriv) ezusb_ctx_complete(list_entry(item, struct request_context, list)); - if (upriv->read_urb->status == -EINPROGRESS) + if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS) printk(KERN_ERR PFX "Some URB in progress\n"); mutex_unlock(&upriv->mtx); - kfree(upriv->read_urb->transfer_buffer); - if (upriv->bap_buf != NULL) - kfree(upriv->bap_buf); - if (upriv->read_urb != NULL) + if (upriv->read_urb) { + kfree(upriv->read_urb->transfer_buffer); usb_free_urb(upriv->read_urb); + } + kfree(upriv->bap_buf); if (upriv->dev) { struct orinoco_private *priv = ndev_priv(upriv->dev); orinoco_if_del(priv); -- 2.34.1