2006-09-26 10:40:33

by Eric Sesterhenn

Subject: [Patch] Possible dereference in drivers/infiniband/hw/amso1100/c2_cm.c

hi,

another dereference spotted by the coverity checker (cid #1395)
In case we can't alloc the vq_req, we goto bail1, where we
call vq_req_free(c2dev, vq_req); which then dereferences vq_req().

Signed-off-by: Eric Sesterhenn <[email protected]>

--- linux-2.6.18-git5/drivers/infiniband/hw/amso1100/c2_cm.c.orig 2006-09-26 12:36:56.000000000 +0200
+++ linux-2.6.18-git5/drivers/infiniband/hw/amso1100/c2_cm.c 2006-09-26 12:37:19.000000000 +0200
@@ -302,7 +302,7 @@ int c2_llp_accept(struct iw_cm_id *cm_id
vq_req = vq_req_alloc(c2dev);
if (!vq_req) {
err = -ENOMEM;
- goto bail1;
+ goto bail0;
}
vq_req->qp = qp;
vq_req->cm_id = cm_id;
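
Review bot: The new `goto bail0` in the `!vq_req` branch is only safe if `bail0` lies past the `vq_req_free(c2dev, vq_req)` call and nothing acquired earlier in `c2_llp_accept()` depends on `bail1` for its release; neither label appears in this hunk's context, so the commit message should state what `bail0` unwinds. It is also worth checking the other `vq_req_alloc()` callers in this file for the same pattern of jumping to a label that frees a NULL `vq_req`, since a single-site fix leaves any sibling paths with the same NULL dereference on allocation failure.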