Hi,

This checker warns when the pointer returned by a "plausibly" failing
routine is not checked before being used.

It automatically builds up the list of failing routines by examining
all callsites. If a function's returned pointer is checked at more
than one callsite, the checker ensures it is always checked.
(Functions like strtok or hash-table lookups are culled from this list
by hand.)

Sometimes we are unaware of preconditions that make such checks
unnecessary, so the "errors" might still have false positives.

Junfeng & Dawson
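
The inference rule described in this post (a routine whose result is NULL-checked at more than one callsite is treated as able to fail, minus a hand-culled list), as an added Python sketch that is not part of the original post and is not the authors' checker. It works on constructed, simplified statement lists with regexes instead of real control-flow analysis; every function body and the names `SAMPLE`, `first_use` and `infer_and_report` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed input: caller -> simplified statements (not kernel source).
SAMPLE = {
    "probe_a": ["dev = kmalloc(size, GFP_KERNEL);", "if (!dev)",
                "return -ENOMEM;", "dev->irq = irq;"],
    "probe_b": ["buf = (char *) kmalloc(len, GFP_KERNEL);", "if (buf == NULL)",
                "return -ENOMEM;", "buf[0] = 0;"],
    "probe_c": ["q = kmalloc(sizeof(*q), GFP_KERNEL);",
                "memset(q, 0, sizeof(*q));", "q->head = 0;"],
    "init_a": ["if (!(p = ckmalloc(RI_SZ))) goto free0;", "p->hosts = 0;"],
    "init_b": ["t = ckmalloc(TMIO_SZ);", "t->flags = 0;"],
    "parse_a": ["tok = strtok(s, sep);", "if (!tok)", "return 0;"],
    "parse_b": ["tok = strtok(NULL, sep);", "if (tok == NULL)", "return 0;"],
    "parse_c": ["tok = strtok(NULL, sep);", "n = tok[0];"],
}

# "var = [(cast)] callee(" where var is a plain local, not a struct member.
ASSIGN = re.compile(r"(?<![\w.>])(\w+)\s*=\s*(?:\([^()]*\)\s*)?(\w+)\s*\(")


def first_use(var, assign_stmt, rest):
    """Classify the first thing done with `var` after it is assigned."""
    v = re.escape(var)
    name = rf"(?<![\w.>]){v}\b"
    # Idiom "if (!(p = alloc(...)))": the check is in the assignment itself.
    if re.search(rf"!\s*\(\s*{v}\s*=", assign_stmt):
        return "checked"
    check = re.compile(
        rf"!\s*{name}(?!\s*(?:->|\[))"       # !var
        rf"|{name}\s*[!=]=\s*(?:NULL|0)\b"   # var == NULL, var != NULL
        rf"|if\s*\(\s*{name}\s*\)"           # if (var)
    )
    deref = re.compile(rf"{name}\s*(?:->|\[)")  # var->field or var[i]
    reassign = re.compile(rf"{name}\s*=[^=]")
    for stmt in rest:
        if check.search(stmt):
            return "checked"
        if deref.search(stmt):
            return "unchecked"
        if reassign.search(stmt):
            return "unknown"  # value replaced before any use we recognise
    return "unknown"


def classify_callsites(functions):
    """Return (caller, callee, var, verdict) for every recognised callsite."""
    sites = []
    for caller, stmts in functions.items():
        for i, stmt in enumerate(stmts):
            m = ASSIGN.search(stmt)
            if m:
                var, callee = m.group(1), m.group(2)
                verdict = first_use(var, stmt, stmts[i + 1:])
                sites.append((caller, callee, var, verdict))
    return sites


def infer_and_report(functions, culled=frozenset(), min_checked=2):
    """Infer routines that can fail, then list callsites that skip the check.

    min_checked=2 encodes "checked at more than one callsite"; `culled` is
    the hand-maintained exclusion list mentioned in the post.
    """
    sites = classify_callsites(functions)
    checked = defaultdict(int)
    for _, callee, _, verdict in sites:
        if verdict == "checked":
            checked[callee] += 1
    can_fail = {f for f, n in checked.items() if n >= min_checked} - set(culled)
    errors = [(caller, callee, var)
              for caller, callee, var, verdict in sites
              if verdict == "unchecked" and callee in can_fail]
    return can_fail, errors


if __name__ == "__main__":
    can_fail, errors = infer_and_report(SAMPLE, culled={"strtok"})
    print("inferred failing routines:", sorted(can_fail))
    for caller, callee, var in errors:
        print(f'{caller}: "{var}" set by {callee} is used without a check')
```

Because this sketch only looks at the first use after the assignment, it does not catch the cases in the listing where a check exists but execution falls through to the dereference anyway.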
Where the errors are:
+--------------------------------------+---------------------------------------------+
| file | fn |
+--------------------------------------+---------------------------------------------+
| arch/i386/kernel/irq.c | init_irq_proc |
| arch/i386/kernel/irq.c | register_irq_proc |
| arch/i386/kernel/mtrr.c | mtrr_init |
| drivers/acpi/dispatcher/dswload.c | acpi_ds_load2_end_op |
| drivers/acpi/interpreter/amutils.c | acpi_aml_build_copy_internal_package_object |
| drivers/acpi/parser/psparse.c | acpi_ps_parse_loop |
| drivers/atm/fore200e.c | fore200e_get_esi |
| drivers/atm/zatm.c | zatm_detect |
| drivers/block/DAC960.c | DAC960_V1_ExecuteType3 |
| drivers/block/DAC960.c | DAC960_V1_ExecuteType3D |
| drivers/block/DAC960.c | DAC960_V2_ControllerInfo |
| drivers/block/DAC960.c | DAC960_V2_DeviceOperation |
| drivers/block/DAC960.c | DAC960_V2_GeneralInfo |
| drivers/block/DAC960.c | DAC960_V2_LogicalDeviceInfo |
| drivers/block/DAC960.c | DAC960_V2_PhysicalDeviceInfo |
| drivers/block/DAC960.c | DAC960_V2_ReadDeviceConfiguration |
| drivers/block/ll_rw_blk.c | blk_init_free_list |
| drivers/char/drm/context.c | drm_alloc_queue |
| drivers/char/drm/fops.c | drm_open_helper |
| drivers/char/drm/proc.c | drm_proc_init |
| drivers/char/ip2main.c | old_ip2_init |
| drivers/char/pc_keyb.c | psaux_init |
| drivers/char/rio/rio_linux.c | rio_init_datastructures |
| drivers/i2o/i2o_core.c | i2o_core_evt |
| drivers/ide/ide-probe.c | init_gendisk |
| drivers/ide/ide-probe.c | init_irq |
| drivers/ide/ide-tape.c | idetape_onstream_read_back_buffer |
| drivers/isdn/avmb1/avm_cs.c | avmcs_attach |
| drivers/isdn/avmb1/capi.c | capinc_raw_write |
| drivers/isdn/avmb1/capi.c | capi_write |
| drivers/isdn/avmb1/capidrv.c | if_readstat |
| drivers/isdn/avmb1/capidrv.c | if_sendbuf |
| drivers/md/raid5.c | grow_buffers |
| drivers/md/raid5.c | __check_consistency |
| drivers/media/video/i2c-parport.c | i2c_parport_attach |
| drivers/media/video/videodev.c | videodev_proc_create_dev |
| drivers/net/3c505.c | receive_packet |
| drivers/net/3c515.c | corkscrew_found_device |
| drivers/net/aironet4500_card.c | awc4500_isa_probe |
| drivers/net/aironet4500_card.c | awc4500_pnp_probe |
| drivers/net/defxx.c | dfx_rcv_init |
| drivers/net/dgrs.c | dgrs_found_device |
| drivers/net/pcmcia/aironet4500_cs.c | awc_attach |
| drivers/net/pcmcia/wavelan_cs.c | wavelan_attach |
| drivers/net/pcmcia/xircom_tulip_cb.c | tulip_probe1 |
| drivers/net/skfp/ess.c | ess_raf_received_pack |
| drivers/net/skfp/ess.c | ess_send_response |
| drivers/net/smc9194.c | smc_rcv |
| drivers/net/sunhme.c | happy_meal_pci_init |
| drivers/net/tokenring/ibmtr.c | ibmtr_probe1 |
| drivers/net/tokenring/lanstreamer.c | streamer_arb_cmd |
| drivers/net/tokenring/olympic.c | olympic_arb_cmd |
| drivers/net/tokenring/olympic.c | olympic_scan |
| drivers/net/tokenring/smctr.c | smctr_process_rx_packet |
| drivers/net/tokenring/smctr.c | smctr_rx_frame |
| drivers/net/tokenring/tms380tr.c | tms380tr_rcv_status_irq |
| drivers/net/wan/comx-proto-fr.c | fr_xmit |
| drivers/net/wan/lmc/lmc_proto.c | lmc_proto_init |
| drivers/pci/setup-res.c | pdev_sort_resources |
| drivers/pcmcia/bulkmem.c | setup_erase_request |
| drivers/pcmcia/bulkmem.c | setup_regions |
| drivers/pcmcia/ds.c | bind_request |
| drivers/scsi/AM53C974.c | AM53C974_init |
| drivers/scsi/gdth.c | gdth_halt |
| drivers/scsi/gdth_proc.c | gdth_get_info |
| drivers/scsi/g_NCR5380.c | generic_NCR5380_detect |
| drivers/scsi/hosts.c | scsi_register |
| drivers/scsi/NCR53c406a.c | NCR53c406a_detect |
| drivers/scsi/osst.c | osst_read_back_buffer_and_rewrite |
| drivers/scsi/osst.c | osst_reposition_and_retry |
| drivers/scsi/pci2220i.c | Pci2220i_Detect |
| drivers/scsi/qla1280.c | qla1280_detect |
| drivers/scsi/qlogicfas.c | qlogicfas_detect |
| drivers/scsi/qlogicfc.c | isp2x00_detect |
| drivers/scsi/qlogicisp.c | isp1020_detect |
| drivers/scsi/scsi_ioctl.c | ioctl_internal_command |
| drivers/scsi/scsi_proc.c | build_proc_dir_entries |
| drivers/scsi/scsi_scan.c | scan_scsis |
| drivers/scsi/scsi_scan.c | scan_scsis_single |
| drivers/scsi/sd.c | sd_init_onedisk |
| drivers/scsi/sr_ioctl.c | sr_do_ioctl |
| drivers/scsi/ultrastor.c | ultrastor_24f_detect |
| drivers/telephony/ixj.c | ixj_attach |
| drivers/usb/bluetooth.c | bluetooth_read_bulk_callback |
| drivers/usb/microtek.c | mts_scsi_detect |
| drivers/video/sis/sis_main.c | poh_new_node |
| fs/bfs/inode.c | bfs_read_super |
| fs/coda/sysctl.c | coda_sysctl_init |
| fs/coda/upcall.c | coda_upcall |
| fs/hpfs/anode.c | hpfs_add_sector_to_btree |
| fs/hpfs/anode.c | hpfs_remove_btree |
| fs/hpfs/dir.c | hpfs_lookup |
| fs/nfsd/nfsfh.c | nfsd_iget |
| fs/ntfs/dir.c | ntfs_getdir_unsorted |
| fs/ntfs/inode.c | ntfs_extend_mft |
| fs/ntfs/inode.c | ntfs_new_inode |
| fs/reiserfs/journal.c | journal_read |
| fs/udf/file.c | udf_adinicb_commit_write |
| fs/udf/file.c | udf_adinicb_readpage |
| fs/udf/file.c | udf_adinicb_writepage |
| fs/udf/namei.c | udf_symlink |
| fs/udf/partition.c | udf_fill_spartable |
| fs/udf/super.c | udf_process_sequence |
| net/atm/lec.c | lec_arp_update |
| net/atm/lec.c | lec_vcc_added |
| net/bridge/br_stp.c | br_root_selection |
| net/bridge/br_stp.c | br_should_become_root_port |
| net/irda/irproc.c | irda_proc_register |
+--------------------------------------+---------------------------------------------+
Listing:
---------------------------------------------------------
[BUG] create_proc_entry
/u2/acc/oses/linux/2.4.1/arch/i386/kernel/irq.c:1160:init_irq_proc: ERROR:NULL:1158:1160: Using unknown ptr "entry" illegally! set by 'create_proc_entry':1158
Start --->
entry = create_proc_entry("prof_cpu_mask", 0600, root_irq_dir);
Error --->
entry->nlink = 1;
entry->data = (void *)&prof_cpu_mask;
---------------------------------------------------------
[BUG] create_proc_entry can return NULL
/u2/acc/oses/linux/2.4.1/arch/i386/kernel/irq.c:1139:register_irq_proc: ERROR:NULL:1137:1139: Using unknown ptr "entry" illegally! set by 'create_proc_entry':1137
Start --->
entry = create_proc_entry("smp_affinity", 0600, irq_dir[irq]);
Error --->
entry->nlink = 1;
entry->data = (void *)(long)irq;
---------------------------------------------------------
[BUG] create_proc_entry
/u2/acc/oses/linux/2.4.1/arch/i386/kernel/mtrr.c:2075:mtrr_init: ERROR:NULL:2074:2075: Using unknown ptr "proc_root_mtrr" illegally! set by 'create_proc_entry':2074
Start --->
proc_root_mtrr = create_proc_entry ("mtrr", S_IWUSR | S_IRUGO, &proc_root);
Error --->
proc_root_mtrr->owner = THIS_MODULE;
proc_root_mtrr->proc_fops = &mtrr_fops;
---------------------------------------------------------
[BUG] acpi_ps_get_arg can return NULL
/u2/acc/oses/linux/2.4.1/drivers/acpi/dispatcher/dswload.c:467:acpi_ds_load2_end_op: ERROR:NULL:450:467: Using unknown ptr "arg" illegally! set by 'acpi_ps_get_arg':450
Start --->
arg = acpi_ps_get_arg (op, 3);
}
else {
/* Create Bit/Byte/Word/Dword field */
... DELETED 9 lines ...
arg->value.string,
INTERNAL_TYPE_DEF_ANY,
IMODE_LOAD_PASS1,
NS_NO_UPSEARCH | NS_DONT_OPEN_SCOPE,
Error --->
walk_state, &(new_node));
---------------------------------------------------------
[BUG] same with the previous one
/u2/acc/oses/linux/2.4.1/drivers/acpi/dispatcher/dswload.c:467:acpi_ds_load2_end_op: ERROR:NULL:455:467: Using unknown ptr "arg" illegally! set by 'acpi_ps_get_arg':455
Start --->
arg = acpi_ps_get_arg (op, 2);
}
/*
* Enter the Name_string into the namespace
... DELETED 4 lines ...
arg->value.string,
INTERNAL_TYPE_DEF_ANY,
IMODE_LOAD_PASS1,
NS_NO_UPSEARCH | NS_DONT_OPEN_SCOPE,
Error --->
walk_state, &(new_node));
---------------------------------------------------------
[BUG] acpi_cm_create_internal_object can return NULL. Call chain is acpi_cm_create_internal_object -> _cm_allocate_object_desc -> _cm_callocate -> acpi_os_callocate -> acpi_os_allocate ->kmalloc
/u2/acc/oses/linux/2.4.1/drivers/acpi/interpreter/amutils.c:472:acpi_aml_build_copy_internal_package_object: ERROR:NULL:468:472: Using unknown ptr "this_dest_obj" illegally! set by '_cm_create_internal_object':468
Start --->
this_dest_obj = acpi_cm_create_internal_object (ACPI_TYPE_PACKAGE);
level_ptr->dest_obj->package.elements[this_index] = this_dest_obj;
Error --->
this_dest_obj->common.type = ACPI_TYPE_PACKAGE;
this_dest_obj->package.count = this_dest_obj->package.count;
---------------------------------------------------------
[BUG] acpi_cm_create_internal_object can return NULL. Call chain is acpi_cm_create_internal_object -> _cm_allocate_object_desc -> _cm_callocate -> acpi_os_callocate -> acpi_os_allocate ->kmalloc
/u2/acc/oses/linux/2.4.1/drivers/acpi/interpreter/amutils.c:472:acpi_aml_build_copy_internal_package_object: ERROR:NULL:492:472: Using unknown ptr "this_dest_obj" illegally! set by '_cm_create_internal_object':492
Error --->
this_dest_obj->common.type = ACPI_TYPE_PACKAGE;
this_dest_obj->package.count = this_dest_obj->package.count;
/*
* Save space for the array of objects (Package elements)
... DELETED 12 lines ...
} /* if object is a package */
else {
Start --->
this_dest_obj = acpi_cm_create_internal_object (
this_source_obj->common.type);
---------------------------------------------------------
[BUG] if walk_state->descending_callback != NULL, op is unknown( line 710 )
/u2/acc/oses/linux/2.4.1/drivers/acpi/parser/psparse.c:655:acpi_ps_parse_loop: ERROR:NULL:681:655: Using NULL ptr "op" illegally! set by 'acpi_ps_alloc_op':681
Error --->
if (op->opcode == AML_REGION_OP) {
deferred_op = acpi_ps_to_extended_op (op);
if (deferred_op) {
/*
* Defer final parsing of an Operation_region body,
... DELETED 18 lines ...
else {
/* Not a named opcode, just allocate Op and append to parent */
Start --->
op = acpi_ps_alloc_op (opcode);
if (!op) {
---------------------------------------------------------
[BUG] fore200e_kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/atm/fore200e.c:2032:fore200e_get_esi: ERROR:NULL:2020:2032: Using unknown ptr "prom" illegally! set by 'fore200e_kmalloc':2020
Start --->
struct prom_data* prom = fore200e_kmalloc(sizeof(struct prom_data), GFP_KERNEL | GFP_DMA);
int ok, i;
ok = fore200e->bus->prom_read(fore200e, prom);
if (ok < 0)
... DELETED 4 lines ...
fore200e->name,
(prom->hw_revision & 0xFF) + '@', /* probably meaningless with SBA boards */
prom->serial_number & 0xFFFF,
prom->mac_addr[ 2 ], prom->mac_addr[ 3 ], prom->mac_addr[ 4 ],
Error --->
prom->mac_addr[ 5 ], prom->mac_addr[ 6 ], prom->mac_addr[ 7 ]);
---------------------------------------------------------
[BUG] break the while loop, but not the for loop
/u2/acc/oses/linux/2.4.1/drivers/atm/zatm.c:1817:zatm_detect: ERROR:NULL:1804:1817: Using NULL ptr "zatm_dev" illegally! set by 'kmalloc':1804
Start --->
GFP_KERNEL);
if (!zatm_dev) return -ENOMEM;
devs = 0;
for (type = 0; type < 2; type++) {
struct pci_dev *pci_dev;
... DELETED 5 lines ...
pci_dev))) {
if (pci_enable_device(pci_dev)) break;
dev = atm_dev_register(DEV_LABEL,&ops,-1,NULL);
if (!dev) break;
Error --->
zatm_dev->pci_dev = pci_dev;
ZATM_DEV(dev) = zatm_dev;
---------------------------------------------------------
[BUG] DAC960_AllocateCommand can return NULL
/u2/acc/oses/linux/2.4.1/drivers/block/DAC960.c:512:DAC960_V1_ExecuteType3: ERROR:NULL:508:512: Using unknown ptr "Command" illegally! set by 'DAC960_AllocateCommand':508
Start --->
DAC960_Command_T *Command = DAC960_AllocateCommand(Controller);
DAC960_V1_CommandMailbox_T *CommandMailbox = &Command->V1.CommandMailbox;
DAC960_V1_CommandStatus_T CommandStatus;
DAC960_V1_ClearCommand(Command);
Error --->
Command->CommandType = DAC960_ImmediateCommand;
CommandMailbox->Type3.CommandOpcode = CommandOpcode;
---------------------------------------------------------
[BUG] DAC960_AllocateCommand
/u2/acc/oses/linux/2.4.1/drivers/block/DAC960.c:538:DAC960_V1_ExecuteType3D: ERROR:NULL:534:538: Using unknown ptr "Command" illegally! set by 'DAC960_AllocateCommand':534
Start --->
DAC960_Command_T *Command = DAC960_AllocateCommand(Controller);
DAC960_V1_CommandMailbox_T *CommandMailbox = &Command->V1.CommandMailbox;
DAC960_V1_CommandStatus_T CommandStatus;
DAC960_V1_ClearCommand(Command);
Error --->
Command->CommandType = DAC960_ImmediateCommand;
CommandMailbox->Type3D.CommandOpcode = CommandOpcode;
---------------------------------------------------------
[BUG] DAC960_AllocateCommand
/u2/acc/oses/linux/2.4.1/drivers/block/DAC960.c:603:DAC960_V2_ControllerInfo: ERROR:NULL:599:603: Using unknown ptr "Command" illegally! set by 'DAC960_AllocateCommand':599
Start --->
DAC960_Command_T *Command = DAC960_AllocateCommand(Controller);
DAC960_V2_CommandMailbox_T *CommandMailbox = &Command->V2.CommandMailbox;
DAC960_V2_CommandStatus_T CommandStatus;
DAC960_V2_ClearCommand(Command);
Error --->
Command->CommandType = DAC960_ImmediateCommand;
CommandMailbox->ControllerInfo.CommandOpcode = DAC960_V2_IOCTL;
---------------------------------------------------------
[BUG] DAC960_AllocateCommand
/u2/acc/oses/linux/2.4.1/drivers/block/DAC960.c:730:DAC960_V2_DeviceOperation: ERROR:NULL:726:730: Using unknown ptr "Command" illegally! set by 'DAC960_AllocateCommand':726
Start --->
DAC960_Command_T *Command = DAC960_AllocateCommand(Controller);
DAC960_V2_CommandMailbox_T *CommandMailbox = &Command->V2.CommandMailbox;
DAC960_V2_CommandStatus_T CommandStatus;
DAC960_V2_ClearCommand(Command);
Error --->
Command->CommandType = DAC960_ImmediateCommand;
CommandMailbox->DeviceOperation.CommandOpcode = DAC960_V2_IOCTL;
---------------------------------------------------------
[BUG] DAC960_AllocateCommand
/u2/acc/oses/linux/2.4.1/drivers/block/DAC960.c:565:DAC960_V2_GeneralInfo: ERROR:NULL:561:565: Using unknown ptr "Command" illegally! set by 'DAC960_AllocateCommand':561
Start --->
DAC960_Command_T *Command = DAC960_AllocateCommand(Controller);
DAC960_V2_CommandMailbox_T *CommandMailbox = &Command->V2.CommandMailbox;
DAC960_V2_CommandStatus_T CommandStatus;
DAC960_V2_ClearCommand(Command);
Error --->
Command->CommandType = DAC960_ImmediateCommand;
CommandMailbox->Common.CommandOpcode = DAC960_V2_IOCTL;
---------------------------------------------------------
[BUG] DAC960_AllocateCommand
/u2/acc/oses/linux/2.4.1/drivers/block/DAC960.c:645:DAC960_V2_LogicalDeviceInfo: ERROR:NULL:641:645: Using unknown ptr "Command" illegally! set by 'DAC960_AllocateCommand':641
Start --->
DAC960_Command_T *Command = DAC960_AllocateCommand(Controller);
DAC960_V2_CommandMailbox_T *CommandMailbox = &Command->V2.CommandMailbox;
DAC960_V2_CommandStatus_T CommandStatus;
DAC960_V2_ClearCommand(Command);
Error --->
Command->CommandType = DAC960_ImmediateCommand;
CommandMailbox->LogicalDeviceInfo.CommandOpcode = DAC960_V2_IOCTL;
---------------------------------------------------------
[BUG] DAC960_AllocateCommand
/u2/acc/oses/linux/2.4.1/drivers/block/DAC960.c:689:DAC960_V2_PhysicalDeviceInfo: ERROR:NULL:685:689: Using unknown ptr "Command" illegally! set by 'DAC960_AllocateCommand':685
Start --->
DAC960_Command_T *Command = DAC960_AllocateCommand(Controller);
DAC960_V2_CommandMailbox_T *CommandMailbox = &Command->V2.CommandMailbox;
DAC960_V2_CommandStatus_T CommandStatus;
DAC960_V2_ClearCommand(Command);
Error --->
Command->CommandType = DAC960_ImmediateCommand;
CommandMailbox->PhysicalDeviceInfo.CommandOpcode = DAC960_V2_IOCTL;
---------------------------------------------------------
[BUG] DAC960_AllocateCommand
/u2/acc/oses/linux/2.4.1/drivers/block/DAC960.c:1442:DAC960_V2_ReadDeviceConfiguration: ERROR:NULL:1439:1442: Using unknown ptr "Command" illegally! set by 'DAC960_AllocateCommand':1439
Start --->
Command = DAC960_AllocateCommand(Controller);
CommandMailbox = &Command->V2.CommandMailbox;
DAC960_V2_ClearCommand(Command);
Error --->
Command->CommandType = DAC960_ImmediateCommand;
CommandMailbox->SCSI_10.CommandOpcode = DAC960_V2_SCSI_10_Passthru;
---------------------------------------------------------
[BUG] kmem_cache_alloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/block/ll_rw_blk.c:399:blk_init_free_list: ERROR:NULL:397:399: Using unknown ptr "rq" illegally! set by 'kmem_cache_alloc':397
Start --->
rq = kmem_cache_alloc(request_cachep, SLAB_KERNEL);
memset(rq, 0, sizeof(struct request));
Error --->
rq->rq_status = RQ_INACTIVE;
list_add(&rq->table, &q->request_freelist[i & 1]);
---------------------------------------------------------
[BUG] drm_alloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/char/drm/context.c:98:drm_alloc_queue: ERROR:NULL:96:98: Using unknown ptr "queue" illegally! set by 'drm_alloc':96
Start --->
queue = drm_alloc(sizeof(*queue), DRM_MEM_QUEUES);
memset(queue, 0, sizeof(*queue));
Error --->
atomic_set(&queue->use_count, 1);
---------------------------------------------------------
[BUG] drm_alloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/char/drm/fops.c:52:drm_open_helper: ERROR:NULL:49:52: Using unknown ptr "priv" illegally! set by 'drm_alloc':49
Start --->
priv = drm_alloc(sizeof(*priv), DRM_MEM_FILES);
memset(priv, 0, sizeof(*priv));
filp->private_data = priv;
Error --->
priv->uid = current->euid;
priv->pid = current->pid;
---------------------------------------------------------
[BUG] Function will not terminate if "drm_dev_root" is NULL. just printk
/u2/acc/oses/linux/2.4.1/drivers/char/drm/proc.c:96:drm_proc_init: ERROR:NULL:91:96: Using NULL ptr "drm_dev_root" illegally! set by 'create_proc_entry':91
Start --->
drm_dev_root = create_proc_entry(drm_slot_name, S_IFDIR, NULL);
if (!drm_dev_root) {
DRM_ERROR("Cannot create /proc/%s\n", drm_slot_name);
remove_proc_entry("dri", NULL);
}
Error --->
if (drm_dev_root->nlink == 2) break;
drm_dev_root = NULL;
---------------------------------------------------------
[BUG] When kmalloc fails, pB could be NULL. It has a printk call
/u2/acc/oses/linux/2.4.1/drivers/char/ip2main.c:897:old_ip2_init: ERROR:NULL:747:897: Using NULL ptr "pB" illegally! set by 'kmalloc':747
Start --->
pB = kmalloc( sizeof(i2eBordStr), GFP_KERNEL);
if ( pB != NULL ) {
i2BoardPtrTable[i] = pB;
memset( pB, 0, sizeof(i2eBordStr) );
iiSetAddress( pB, ip2config.addr[i], ii2DelayTimer );
... DELETED 142 lines ...
for ( box = 0; box < ABS_MAX_BOXES; ++box )
{
for ( j = 0; j < ABS_BIGGEST_BOX; ++j )
{
Error --->
if ( pB->i2eChannelMap[box] & (1 << j) )
{
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/char/pc_keyb.c:1018:psaux_init: ERROR:NULL:1016:1018: Using unknown ptr "queue" illegally! set by 'kmalloc':1016
Start --->
queue = (struct aux_queue *) kmalloc(sizeof(*queue), GFP_KERNEL);
memset(queue, 0, sizeof(*queue));
Error --->
queue->head = queue->tail = 0;
init_waitqueue_head(&queue->proc_list);
---------------------------------------------------------
[BUG] at label free0, p has been freed, or p's allocation failed.
/u2/acc/oses/linux/2.4.1/drivers/char/rio/rio_linux.c:1038:rio_init_datastructures: ERROR:NULL:980:1038: Using NULL ptr "p" illegally! set by 'ckmalloc':980
Start --->
if (!(p = ckmalloc ( RI_SZ))) goto free0;
if (!(p->RIOHosts = ckmalloc (RIO_HOSTS * HOST_SZ))) goto free1;
if (!(p->RIOPortp = ckmalloc (RIO_PORTS * PORT_SZ))) goto free2;
if (!(rio_termios = ckmalloc (RIO_PORTS * TMIO_SZ))) goto free3;
if (!(rio_termios_locked = ckmalloc (RIO_PORTS * TMIO_SZ))) goto free4;
... DELETED 50 lines ...
free2:kfree (p->RIOHosts);
free1:kfree (p);
free0:
rio_dprintk (RIO_DEBUG_INIT, "Not enough memory! %p %p %p %p %p\n",
Error --->
p, p->RIOHosts, p->RIOPortp, rio_termios, rio_termios);
return -ENOMEM;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/i2o/i2o_core.c:927:i2o_core_evt: ERROR:NULL:922:927: Using unknown ptr "d" illegally! set by 'kmalloc':922
Start --->
kmalloc(sizeof(struct i2o_device), GFP_KERNEL);
int i;
memcpy(&d->lct_data, &msg[5], sizeof(i2o_lct_entry));
Error --->
d->next = NULL;
d->controller = c;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/ide/ide-probe.c:749:init_gendisk: ERROR:NULL:748:749: Using unknown ptr "gd" illegally! set by 'kmalloc':748
Start --->
gd = kmalloc (sizeof(struct gendisk), GFP_KERNEL);
Error --->
gd->sizes = kmalloc (minors * sizeof(int), GFP_KERNEL);
gd->part = kmalloc (minors * sizeof(struct hd_struct), GFP_KERNEL);
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/ide/ide-probe.c:656:init_irq: ERROR:NULL:654:656: Using unknown ptr "hwgroup" illegally! set by 'kmalloc':654
Start --->
hwgroup = kmalloc(sizeof(ide_hwgroup_t), GFP_KERNEL);
memset(hwgroup, 0, sizeof(ide_hwgroup_t));
Error --->
hwgroup->hwif = hwif->next = hwif;
hwgroup->rq = NULL;
---------------------------------------------------------
[BUG] __idetape_kmalloc_stage can return NULL
/u2/acc/oses/linux/2.4.1/drivers/ide/ide-tape.c:3409:idetape_onstream_read_back_buffer: ERROR:NULL:3406:3409: Using unknown ptr "stage" illegally! set by '__idetape_kmalloc_stage':3406
Start --->
stage = __idetape_kmalloc_stage(tape, 0, 0);
if (!first)
first = stage;
Error --->
aux = stage->aux;
p = stage->bh->b_data;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/isdn/avmb1/avm_cs.c:142:avmcs_attach: ERROR:NULL:140:142: Using unknown ptr "link" illegally! set by 'kmalloc':140
Start --->
link = kmalloc(sizeof(struct dev_link_t), GFP_KERNEL);
memset(link, 0, sizeof(struct dev_link_t));
Error --->
link->release.function = &avmcs_release;
link->release.data = (u_long)link;
---------------------------------------------------------
[BUG] alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/isdn/avmb1/capi.c:991:capi_write: ERROR:NULL:985:991: Using unknown ptr "skb" illegally! set by 'alloc_skb':985
Start --->
skb = alloc_skb(count, GFP_USER);
if ((retval = copy_from_user(skb_put(skb, count), buf, count))) {
kfree_skb(skb);
return retval;
}
Error --->
mlen = CAPIMSG_LEN(skb->data);
if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
---------------------------------------------------------
[BUG] alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/isdn/avmb1/capi.c:1422:capinc_raw_write: ERROR:NULL:1402:1422: Using unknown ptr "skb" illegally! set by 'alloc_skb':1402
Start --->
skb = alloc_skb(CAPI_DATA_B3_REQ_LEN+count, GFP_USER);
skb_reserve(skb, CAPI_DATA_B3_REQ_LEN);
if ((retval = copy_from_user(skb_put(skb, count), buf, count))) {
kfree_skb(skb);
... DELETED 12 lines ...
if (signal_pending(current))
return -ERESTARTNOHAND;
}
skb_queue_tail(&mp->outqueue, skb);
Error --->
mp->outbytes += skb->len;
(void)handle_minor_send(mp);
---------------------------------------------------------
[BUG] pointer is invalid in error message
/u2/acc/oses/linux/2.4.1/drivers/isdn/avmb1/capidrv.c:2134:if_readstat: ERROR:NULL:2128:2134: Using NULL ptr "card" illegally! set by 'findcontrbydriverid':2128
Start --->
capidrv_contr *card = findcontrbydriverid(id);
int count;
__u8 *p;
if (!card) {
printk(KERN_ERR "capidrv-%d: if_readstat called with invalid driverId %d!\n",
Error --->
card->contrnr, id);
return -ENODEV;
---------------------------------------------------------
[BUG] pointer is invalid in error message
/u2/acc/oses/linux/2.4.1/drivers/isdn/avmb1/capidrv.c:2064:if_sendbuf: ERROR:NULL:2054:2064: Using NULL ptr "card" illegally! set by 'findcontrbydriverid':2054
Start --->
capidrv_contr *card = findcontrbydriverid(id);
capidrv_bchan *bchan;
capidrv_ncci *nccip;
int len = skb->len;
size_t msglen;
__u16 errcode;
__u16 datahandle;
if (!card) {
printk(KERN_ERR "capidrv-%d: if_sendbuf called with invalid driverId %d!\n",
Error --->
card->contrnr, id);
return 0;
---------------------------------------------------------
[BUG] alloc_page can return NULL
/u2/acc/oses/linux/2.4.1/drivers/md/raid5.c:1278:__check_consistency: ERROR:NULL:1277:1278: Using unknown ptr "b_page" illegally! set by 'alloc_pages':1277
Start --->
tmp->b_page = alloc_page(GFP_KERNEL);
Error --->
tmp->b_data = page_address(tmp->b_page);
if (!tmp->b_data)
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/md/raid5.c:1276:__check_consistency: ERROR:NULL:1275:1276: Using unknown ptr "tmp" illegally! set by 'kmalloc':1275
Start --->
tmp = kmalloc(sizeof(*tmp), GFP_KERNEL);
Error --->
tmp->b_size = 4096;
tmp->b_page = alloc_page(GFP_KERNEL);
---------------------------------------------------------
[BUG] alloc_pages can return NULL
/u2/acc/oses/linux/2.4.1/drivers/md/raid5.c:160:grow_buffers: ERROR:NULL:159:160: Using unknown ptr "page" illegally! set by 'alloc_pages':159
Start --->
page = alloc_page(priority);
Error --->
bh->b_data = page_address(page);
if (!bh->b_data) {
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/media/video/i2c-parport.c:77:i2c_parport_attach: ERROR:NULL:76:77: Using unknown ptr "b" illegally! set by 'kmalloc':76
Start --->
GFP_KERNEL);
Error --->
b->i2c = parport_i2c_bus_template;
b->i2c.data = parport_get_port (port);
---------------------------------------------------------
[BUG] create_proc_entry can return NULL
/u2/acc/oses/linux/2.4.1/drivers/media/video/videodev.c:367:videodev_proc_create_dev: ERROR:NULL:366:367: Using unknown ptr "p" illegally! set by 'create_proc_entry':366
Start --->
p = create_proc_entry(name, S_IFREG|S_IRUGO|S_IWUSR, video_dev_proc_entry);
Error --->
p->data = vfd;
p->read_proc = videodev_proc_read;
---------------------------------------------------------
[BUG] dev_alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/3c505.c:619:receive_packet: ERROR:NULL:598:619: Using NULL ptr "skb" illegally! set by 'dev_alloc_skb':598
Start --->
skb = dev_alloc_skb(rlen + 2);
if (!skb) {
printk("%s: memory squeeze, dropping packet\n", dev->name);
target = adapter->dma_buffer;
... DELETED 13 lines ...
/* if this happens, we die */
if (test_and_set_bit(0, (void *) &adapter->dmaing))
printk("%s: rx blocked, DMA in progress, dir %d\n", dev->name, adapter->current_dma.direction);
Error --->
skb->dev = dev;
adapter->current_dma.direction = 0;
---------------------------------------------------------
[BUG] init_etherdev could return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/3c515.c:604:corkscrew_found_device: ERROR:NULL:603:604: Using unknown ptr "dev" illegally! set by 'init_etherdev':603
Start --->
dev = init_etherdev(dev, sizeof(struct corkscrew_private));
Error --->
dev->base_addr = ioaddr;
dev->irq = irq;
---------------------------------------------------------
[BUG] init_etherdev can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/aironet4500_card.c:537:awc4500_isa_probe: ERROR:NULL:535:537: Using unknown ptr "dev" illegally! set by 'init_etherdev':535
Start --->
dev = init_etherdev(dev, 0 );
}
Error --->
dev->priv = kmalloc(sizeof(struct awc_private),GFP_KERNEL );
memset(dev->priv,0,sizeof(struct awc_private));
---------------------------------------------------------
[BUG]
/u2/acc/oses/linux/2.4.1/drivers/net/aironet4500_card.c:375:awc4500_pnp_probe: ERROR:NULL:373:375: Using unknown ptr "dev" illegally! set by 'init_etherdev':373
Start --->
dev = init_etherdev(dev, 0 );
}
Error --->
dev->priv = kmalloc(sizeof(struct awc_private),GFP_KERNEL );
memset(dev->priv,0,sizeof(struct awc_private));
---------------------------------------------------------
[BUG] dev_alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/defxx.c:2719:dfx_rcv_init: ERROR:NULL:2712:2719: Using unknown ptr "newskb" illegally! set by 'dev_alloc_skb':2712
Start --->
newskb = dev_alloc_skb(NEW_SKB_SIZE);
/*
* align to 128 bytes for compatibility with
* the old EISA boards.
*/
my_skb_align(newskb,128);
Error --->
bp->descr_block_virt->rcv_data[i+j].long_1 = virt_to_bus(newskb->data);
/*
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/dgrs.c:1258:dgrs_found_device: ERROR:NULL:1256:1258: Using unknown ptr "dev" illegally! set by 'kmalloc':1256
Start --->
dev = (struct net_device *) kmalloc(dev_size, GFP_KERNEL);
memset(dev, 0, dev_size);
Error --->
dev->priv = ((void *)dev) + sizeof(struct net_device);
priv = (DGRS_PRIV *)dev->priv;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/dgrs.c:1297:dgrs_found_device: ERROR:NULL:1294:1297: Using unknown ptr "devN" illegally! set by 'kmalloc':1294
Start --->
devN = (struct net_device *) kmalloc(dev_size, GFP_KERNEL);
/* Make it an exact copy of dev[0]... */
memcpy(devN, dev, dev_size);
Error --->
devN->priv = ((void *)devN) + sizeof(struct net_device);
privN = (DGRS_PRIV *)devN->priv;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/aironet4500_cs.c:181:awc_attach: ERROR:NULL:179:181: Using unknown ptr "link" illegally! set by 'kmalloc':179
Start --->
link = kmalloc(sizeof(struct dev_link_t), GFP_KERNEL);
memset(link, 0, sizeof(struct dev_link_t));
Error --->
link->dev = kmalloc(sizeof(struct dev_node_t), GFP_KERNEL);
memset(link->dev, 0, sizeof(struct dev_node_t));
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/wavelan_cs.c:4463:wavelan_attach: ERROR:NULL:4458:4463: Using unknown ptr "dev" illegally! set by 'kmalloc':4458
Start --->
dev = kmalloc(sizeof(struct net_device), GFP_KERNEL);
memset(dev, 0x00, sizeof(struct net_device));
link->priv = link->irq.Instance = dev;
/* Allocate the wavelan-specific data structure. */
Error --->
dev->priv = lp = (net_local *) kmalloc(sizeof(net_local), GFP_KERNEL);
memset(lp, 0x00, sizeof(net_local));
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/wavelan_cs.c:4430:wavelan_attach: ERROR:NULL:4426:4430: Using unknown ptr "link" illegally! set by 'kmalloc':4426
Start --->
link = kmalloc(sizeof(struct dev_link_t), GFP_KERNEL);
memset(link, 0, sizeof(struct dev_link_t));
/* Unused for the Wavelan */
Error --->
link->release.function = &wv_pcmcia_release;
link->release.data = (u_long) link;
---------------------------------------------------------
[BUG] dev could be NULL, then init_etherdev -> init_netdev will alloc a new device -- it could fail.
/u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:559:tulip_probe1: ERROR:NULL:522:559: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
Start --->
dev = init_etherdev(dev, 0);
pci_read_config_byte(pdev, PCI_REVISION_ID, &chip_rev);
/* Bring the 21143 out of sleep mode.
Caution: Snooze mode does not work with some boards! */
... DELETED 29 lines ...
int value, boguscnt = 100000;
do
value = inl(ioaddr + CSR9);
while (value < 0 && --boguscnt > 0);
Error --->
dev->dev_addr[i] = value;
sum += value & 0xff;
---------------------------------------------------------
[BUG] init_etherdev
/u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:577:tulip_probe1: ERROR:NULL:522:577: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
Start --->
dev = init_etherdev(dev, 0);
pci_read_config_byte(pdev, PCI_REVISION_ID, &chip_rev);
/* Bring the 21143 out of sleep mode.
Caution: Snooze mode does not work with some boards! */
... DELETED 47 lines ...
/* No need to read the EEPROM. */
put_unaligned(inl(ioaddr + 0xA4), (u32 *)dev->dev_addr);
put_unaligned(inl(ioaddr + 0xA8), (u16 *)(dev->dev_addr + 4));
for (i = 0; i < 6; i ++)
Error --->
sum += dev->dev_addr[i];
} else if (chip_idx == X3201_3) {
---------------------------------------------------------
[BUG] init_etherdev
/u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:607:tulip_probe1: ERROR:NULL:522:607: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
Start --->
dev = init_etherdev(dev, 0);
pci_read_config_byte(pdev, PCI_REVISION_ID, &chip_rev);
/* Bring the 21143 out of sleep mode.
Caution: Snooze mode does not work with some boards! */
... DELETED 77 lines ...
* This is it. We have the data we want.
*/
for (j = 0; j < 6; j++) {
outl(i + j + 4, ioaddr + CSR10);
Error --->
dev->dev_addr[j] = inl(ioaddr + CSR9) & 0xff;
}
---------------------------------------------------------
[BUG] init_etherdev
/u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:636:tulip_probe1: ERROR:NULL:522:636: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
Start --->
dev = init_etherdev(dev, 0);
pci_read_config_byte(pdev, PCI_REVISION_ID, &chip_rev);
/* Bring the 21143 out of sleep mode.
Caution: Snooze mode does not work with some boards! */
... DELETED 106 lines ...
sa_offset = 2; /* Grrr, damn Matrox boards. */
multiport_cnt = 4;
}
for (i = 0; i < 6; i ++) {
Error --->
dev->dev_addr[i] = ee_data[i + sa_offset];
sum += ee_data[i + sa_offset];
---------------------------------------------------------
[BUG] init_etherdev
/u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:642:tulip_probe1: ERROR:NULL:522:642: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
Start --->
dev = init_etherdev(dev, 0);
pci_read_config_byte(pdev, PCI_REVISION_ID, &chip_rev);
/* Bring the 21143 out of sleep mode.
Caution: Snooze mode does not work with some boards! */
... DELETED 112 lines ...
}
}
/* Lite-On boards have the address byte-swapped. */
if ((dev->dev_addr[0] == 0xA0 || dev->dev_addr[0] == 0xC0)
Error --->
&& dev->dev_addr[1] == 0x00)
for (i = 0; i < 6; i+=2) {
---------------------------------------------------------
[BUG] sm_to_para can return NULL. But the start line is not correct.
/u2/acc/oses/linux/2.4.1/drivers/net/skfp/ess.c:191:ess_raf_received_pack: ERROR:NULL:145:191: Using unknown ptr "p" illegally! set by 'sm_to_para':145
Start --->
if (!(p = (void *) sm_to_para(smc,sm,SMT_P0015))) {
DB_ESS("ESS: RAF frame error, parameter type not found\n",0,0) ;
return(fs) ;
}
msg_res_type = ((struct smt_p_0015 *)p)->res_type ;
... DELETED 38 lines ...
return(fs) ;
p = (void *) sm_to_para(smc,sm,SMT_P0019) ;
for (i = 0; i < 5; i++) {
Error --->
if (((struct smt_p_0019 *)p)->alloc_addr.a[i]) {
return(fs) ;
---------------------------------------------------------
[BUG] sm_to_para can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/skfp/ess.c:539:ess_send_response: ERROR:NULL:538:539: Using unknown ptr "p" illegally! set by 'sm_to_para':538
Start --->
p = (void *) sm_to_para(smc,sm,SMT_P001A) ;
Error --->
chg->cat.category = ((struct smt_p_001a *)p)->category ;
}
---------------------------------------------------------
[BUG] function doesn't exit if skb == NULL; it just calls printk
/u2/acc/oses/linux/2.4.1/drivers/net/smc9194.c:1356:smc_rcv: ERROR:NULL:1341:1356: Using NULL ptr "skb" illegally! set by 'dev_alloc_skb':1341
Start --->
skb = dev_alloc_skb( packet_length + 5);
if ( skb == NULL ) {
printk(KERN_NOTICE CARDNAME
": Low memory, packet dropped.\n");
... DELETED 7 lines ...
*/
skb_reserve( skb, 2 ); /* 16 bit alignment */
Error --->
skb->dev = dev;
data = skb_put( skb, packet_length);
---------------------------------------------------------
[BUG] init_etherdev can return NULL if dev is NULL
/u2/acc/oses/linux/2.4.1/drivers/net/sunhme.c:2838:happy_meal_pci_init: ERROR:NULL:2806:2838: Using unknown ptr "dev" illegally! set by 'init_etherdev':2806
Start --->
dev = init_etherdev(0, sizeof(struct happy_meal));
} else {
dev->priv = kmalloc(sizeof(struct happy_meal), GFP_KERNEL);
if (dev->priv == NULL)
return -ENOMEM;
... DELETED 24 lines ...
else
printk(KERN_INFO "%s: HAPPY MEAL (PCI/CheerIO) 10/100BaseT Ethernet ",
dev->name);
Error --->
dev->base_addr = (long) pdev;
---------------------------------------------------------
[BUG] dev could be NULL, then init_trdev will call init_netdev to allocate a new device.
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/ibmtr.c:405:ibmtr_probe1: ERROR:NULL:304:405: Using unknown ptr "dev" illegally! set by 'init_trdev':304
Start --->
dev = init_trdev(dev,0);
#endif
#endif
/* Query the adapter PIO base port which will return
... DELETED 93 lines ...
ti->readlog_pending = 0;
init_waitqueue_head(&ti->wait_for_tok_int);
init_waitqueue_head(&ti->wait_for_reset);
Error --->
dev->priv = ti; /* this seems like the logical use of the
field ... let's try some empirical tests
---------------------------------------------------------
[BUG] dev_alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/lanstreamer.c:1429:streamer_arb_cmd: ERROR:NULL:1386:1429: Using unknown ptr "mac_frame" illegally! set by 'dev_alloc_skb':1386
Start --->
mac_frame = dev_alloc_skb(frame_len);
/* Walk the buffer chain, creating the frame */
do {
... DELETED 35 lines ...
dev->name, mac_hdr->saddr[0], mac_hdr->saddr[1],
mac_hdr->saddr[2], mac_hdr->saddr[3],
mac_hdr->saddr[4], mac_hdr->saddr[5]);
#endif
Error --->
mac_frame->dev = dev;
mac_frame->protocol = tr_type_trans(mac_frame, dev);
---------------------------------------------------------
[BUG] dev_alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/olympic.c:1276:olympic_arb_cmd: ERROR:NULL:1258:1276: Using unknown ptr "mac_frame" illegally! set by 'dev_alloc_skb':1258
Start --->
mac_frame = dev_alloc_skb(frame_len) ;
/* Walk the buffer chain, creating the frame */
do {
... DELETED 10 lines ...
mac_hdr = (struct trh_hdr *)mac_frame->data ;
printk(KERN_WARNING "%s: MAC Frame Dest. Addr: %02x:%02x:%02x:%02x:%02x:%02x \n", dev->name , mac_hdr->daddr[0], mac_hdr->daddr[1], mac_hdr->daddr[2], mac_hdr->daddr[3], mac_hdr->daddr[4], mac_hdr->daddr[5]) ;
printk(KERN_WARNING "%s: MAC Frame Srce. Addr: %02x:%02x:%02x:%02x:%02x:%02x \n", dev->name , mac_hdr->saddr[0], mac_hdr->saddr[1], mac_hdr->saddr[2], mac_hdr->saddr[3], mac_hdr->saddr[4], mac_hdr->saddr[5]) ;
#endif
Error --->
mac_frame->dev = dev ;
mac_frame->protocol = tr_type_trans(mac_frame,dev);
---------------------------------------------------------
[BUG] init_trdev can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/olympic.c:219:olympic_scan: ERROR:NULL:217:219: Using unknown ptr "dev" illegally! set by 'init_trdev':217
Start --->
dev=init_trdev(dev, 0);
#endif
Error --->
dev->priv=(void *)olympic_priv;
#if OLYMPIC_DEBUG
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/olympic.c:226:olympic_scan: ERROR:NULL:212:226: Using unknown ptr "olympic_priv" illegally! set by 'kmalloc':212
Start --->
olympic_priv=kmalloc(sizeof (struct olympic_private), GFP_KERNEL);
memset(olympic_priv, 0, sizeof(struct olympic_private));
init_waitqueue_head(&olympic_priv->srb_wait);
init_waitqueue_head(&olympic_priv->trb_wait);
#ifndef MODULE
... DELETED 6 lines ...
#endif
dev->irq=pci_device->irq;
dev->base_addr=pci_resource_start(pci_device, 0);
dev->init=&olympic_init;
Error --->
olympic_priv->olympic_card_name = (char *)pci_device->resource[0].name ;
olympic_priv->olympic_mmio =
---------------------------------------------------------
[BUG] dev_alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/smctr.c:3956:smctr_process_rx_packet: ERROR:NULL:3955:3956: Using unknown ptr "skb" illegally! set by 'dev_alloc_skb':3955
Start --->
skb = dev_alloc_skb(size);
Error --->
skb->len = size;
---------------------------------------------------------
[BUG] dev_alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/smctr.c:4633:smctr_rx_frame: ERROR:NULL:4630:4633: Using unknown ptr "skb" illegally! set by 'dev_alloc_skb':4630
Start --->
skb = dev_alloc_skb(rx_size);
skb_put(skb, rx_size);
Error --->
memcpy(skb->data, pbuff, rx_size);
sti();
---------------------------------------------------------
[BUG] dev_alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/tms380tr.c:2167:tms380tr_rcv_status_irq: ERROR:NULL:2149:2167: Using NULL ptr "skb" illegally! set by 'dev_alloc_skb':2149
Start --->
skb = dev_alloc_skb(tp->MaxPacketSize);
if(skb == NULL)
{
/* Update Stats ?? */
}
... DELETED 10 lines ...
if(rpl->SkbStat == SKB_DATA_COPY
|| rpl->SkbStat == SKB_DMA_DIRECT)
{
if(rpl->SkbStat == SKB_DATA_COPY)
Error --->
memmove(skb->data, ReceiveDataPtr, Length);
---------------------------------------------------------
[BUG] dev_alloc_skb can return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/tokenring/tms380tr.c:2172:tms380tr_rcv_status_irq: ERROR:NULL:2149:2172: Using NULL ptr "skb" illegally! set by 'dev_alloc_skb':2149
Start --->
skb = dev_alloc_skb(tp->MaxPacketSize);
if(skb == NULL)
{
/* Update Stats ?? */
}
... DELETED 15 lines ...
/* Deliver frame to system */
rpl->Skb = NULL;
skb_trim(skb,Length);
Error --->
skb->protocol = tr_type_trans(skb,dev);
netif_rx(skb);
---------------------------------------------------------
[BUG] skb_clone could return NULL
/u2/acc/oses/linux/2.4.1/drivers/net/wan/comx-proto-fr.c:506:fr_xmit: ERROR:NULL:505:506: Using unknown ptr "newskb" illegally! set by 'skb_clone':505
Start --->
struct sk_buff *newskb=skb_clone(skb, GFP_ATOMIC);
Error --->
newskb->dev=fr->master;
dev_queue_xmit(newskb);
---------------------------------------------------------
[BUG] kmalloc
/u2/acc/oses/linux/2.4.1/drivers/net/wan/lmc/lmc_proto.c:106:lmc_proto_init: ERROR:NULL:105:106: Using unknown ptr "pd" illegally! set by 'kmalloc':105
Start --->
sc->pd = kmalloc(sizeof(struct ppp_device), GFP_KERNEL);
Error --->
sc->pd->dev = sc->lmc_device;
#endif
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/pci/setup-res.c:166:pdev_sort_resources: ERROR:NULL:165:166: Using unknown ptr "tmp" illegally! set by 'kmalloc':165
Start --->
tmp = kmalloc(sizeof(*tmp), GFP_KERNEL);
Error --->
tmp->next = ln;
tmp->res = r;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/pcmcia/bulkmem.c:231:setup_erase_request: ERROR:NULL:230:231: Using unknown ptr "busy" illegally! set by 'kmalloc':230
Start --->
busy = kmalloc(sizeof(erase_busy_t), GFP_KERNEL);
Error --->
busy->erase = erase;
busy->client = handle;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/pcmcia/bulkmem.c:362:setup_regions: ERROR:NULL:361:362: Using unknown ptr "r" illegally! set by 'kmalloc':361
Start --->
r = kmalloc(sizeof(*r), GFP_KERNEL);
Error --->
r->region_magic = REGION_MAGIC;
r->state = 0;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/pcmcia/ds.c:417:bind_request: ERROR:NULL:416:417: Using unknown ptr "b" illegally! set by 'kmalloc':416
Start --->
b = kmalloc(sizeof(socket_bind_t), GFP_KERNEL);
Error --->
b->driver = driver;
b->function = bind_info->function;
---------------------------------------------------------
[BUG] scsi_register
/u2/acc/oses/linux/2.4.1/drivers/scsi/AM53C974.c:683:AM53C974_init: ERROR:NULL:681:683: Using unknown ptr "instance" illegally! set by 'scsi_register':681
Start --->
instance = scsi_register(tpnt, sizeof(struct AM53C974_hostdata));
hostdata = (struct AM53C974_hostdata *) instance->hostdata;
Error --->
instance->base = 0;
instance->io_port = pci_resource_start(pdev, 0);
---------------------------------------------------------
[BUG] scsi_register could return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/NCR53c406a.c:573:NCR53c406a_detect: ERROR:NULL:572:573: Using unknown ptr "shpnt" illegally! set by 'scsi_register':572
Start --->
shpnt = scsi_register(tpnt, 0);
Error --->
shpnt->irq = irq_level;
shpnt->io_port = port_base;
---------------------------------------------------------
[BUG] function will not quit if "instance" is invalid
/u2/acc/oses/linux/2.4.1/drivers/scsi/g_NCR5380.c:407:generic_NCR5380_detect: ERROR:NULL:395:407: Using NULL ptr "instance" illegally! set by 'scsi_register':395
Start --->
instance = scsi_register (tpnt, sizeof(struct NCR5380_hostdata));
if(instance == NULL)
{
#ifdef CONFIG_SCSI_G_NCR5380_PORT
release_region(overrides[current_override].NCR5380_map_name,
... DELETED 4 lines ...
NCR5380_region_size);
#endif
}
Error --->
instance->NCR5380_instance_name = overrides[current_override].NCR5380_map_name;
---------------------------------------------------------
[BUG]
/u2/acc/oses/linux/2.4.1/drivers/scsi/gdth.c:3630:gdth_halt: ERROR:NULL:3629:3630: Using unknown ptr "scp" illegally! set by 'scsi_allocate_device':3629
Start --->
scp = scsi_allocate_device(sdev, 1, FALSE);
Error --->
scp->cmd_len = 12;
scp->use_sg = 0;
---------------------------------------------------------
[BUG] scsi_allocate_device can return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/gdth_proc.c:431:gdth_get_info: ERROR:NULL:430:431: Using unknown ptr "scp" illegally! set by 'scsi_allocate_device':430
Start --->
scp = scsi_allocate_device(sdev, 1, FALSE);
Error --->
scp->cmd_len = 12;
scp->use_sg = 0;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/hosts.c:171:scsi_register: ERROR:NULL:170:171: Using unknown ptr "shn" illegally! set by 'kmalloc':170
Start --->
shn = (Scsi_Host_Name *) kmalloc(sizeof(Scsi_Host_Name), GFP_ATOMIC);
Error --->
shn->name = kmalloc(hname_len + 1, GFP_ATOMIC);
if (hname_len > 0)
---------------------------------------------------------
[BUG] osst_do_scsi will never return NULL if argument SRpnt isn't NULL. But they copy SRpnt back via *aSRpnt, which implies it could be NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/osst.c:1145:osst_read_back_buffer_and_rewrite: ERROR:NULL:1042:1145: Using unknown ptr "SRpnt" illegally! set by 'osst_do_scsi':1042
Start --->
STp->timeout, MAX_RETRIES, TRUE);
if ((STp->buffer)->syscall_result) {
printk(KERN_ERR "osst%d: Failed to read block back from OnStream buffer\n", dev);
vfree((void *)buffer);
... DELETED 95 lines ...
SRpnt = osst_do_scsi(SRpnt, STp, cmd, 0, SCSI_DATA_NONE, STp->timeout,
MAX_READY_RETRIES, TRUE);
if (SRpnt->sr_sense_buffer[2] == 2 && SRpnt->sr_sense_buffer[12] == 4 &&
Error --->
(SRpnt->sr_sense_buffer[13] == 1 || SRpnt->sr_sense_buffer[13] == 8)) {
/* in the process of becoming ready */
---------------------------------------------------------
[BUG]
/u2/acc/oses/linux/2.4.1/drivers/scsi/osst.c:1145:osst_read_back_buffer_and_rewrite: ERROR:NULL:1111:1145: Using unknown ptr "SRpnt" illegally! set by 'osst_do_scsi':1111
Start --->
STp->timeout, MAX_WRITE_RETRIES, TRUE);
if (STp->buffer->syscall_result)
flag = 1;
else {
... DELETED 26 lines ...
SRpnt = osst_do_scsi(SRpnt, STp, cmd, 0, SCSI_DATA_NONE, STp->timeout,
MAX_READY_RETRIES, TRUE);
if (SRpnt->sr_sense_buffer[2] == 2 && SRpnt->sr_sense_buffer[12] == 4 &&
Error --->
(SRpnt->sr_sense_buffer[13] == 1 || SRpnt->sr_sense_buffer[13] == 8)) {
/* in the process of becoming ready */
---------------------------------------------------------
[BUG] osst_do_scsi can return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/osst.c:1243:osst_reposition_and_retry: ERROR:NULL:1237:1243: Using unknown ptr "SRpnt" illegally! set by 'osst_do_scsi':1237
Start --->
STp->timeout, MAX_WRITE_RETRIES, TRUE);
*aSRpnt = SRpnt;
if (STp->buffer->syscall_result) { /* additional write error */
if ((SRpnt->sr_sense_buffer[ 2] & 0x0f) == 13 &&
SRpnt->sr_sense_buffer[12] == 0 &&
Error --->
SRpnt->sr_sense_buffer[13] == 2) {
printk(OSST_DEB_MSG
---------------------------------------------------------
[BUG]
/u2/acc/oses/linux/2.4.1/drivers/scsi/pci2220i.c:2659:Pci2220i_Detect: ERROR:NULL:2650:2659: Using unknown ptr "pshost" illegally! set by 'scsi_register':2650
Start --->
pshost = scsi_register (tpnt, sizeof(ADAPTER2220I));
padapter = HOSTDATA(pshost);
if ( GetRegs (pshost, TRUE, pcidev) )
goto unregister1;
for ( z = 0; z < BIGD_MAXDRIVES; z++ )
DiskMirror[z].status = inb_p (padapter->regScratchPad + BIGD_RAID_0_STATUS + z);
Error --->
pshost->max_id = padapter->numberOfDrives;
padapter->failRegister = inb_p (padapter->regScratchPad + BIGD_ALARM_IMAGE);
---------------------------------------------------------
[BUG] scsi_register can return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/qla1280.c:819:qla1280_detect: ERROR:NULL:812:819: Using unknown ptr "host" illegally! set by 'scsi_register':812
Start --->
host = scsi_register(template, sizeof(scsi_qla_host_t));
ha = (scsi_qla_host_t *) host->hostdata;
/* Clear our data area */
for( j =0, cp = (char *)ha; j < sizeof(scsi_qla_host_t); j++)
*cp = 0;
/* Sanitize the information from PCI BIOS. */
#if LINUX_VERSION_CODE > KERNEL_VERSION(2,1,95)
Error --->
host->irq = pdev->irq;
host->io_port = pci_resource_start(pdev, 0);
---------------------------------------------------------
[BUG] scsi_register
/u2/acc/oses/linux/2.4.1/drivers/scsi/qlogicfas.c:621:qlogicfas_detect: ERROR:NULL:620:621: Using unknown ptr "hreg" illegally! set by 'scsi_register':620
Start --->
hreg = scsi_register( host , 0 ); /* no host data */
Error --->
hreg->io_port = qbase;
hreg->n_io_port = 16;
---------------------------------------------------------
[BUG] scsi_register
/u2/acc/oses/linux/2.4.1/drivers/scsi/qlogicfc.c:762:isp2x00_detect: ERROR:NULL:761:762: Using unknown ptr "host" illegally! set by 'scsi_register':761
Start --->
host = scsi_register(tmpt, sizeof(struct isp2x00_hostdata));
Error --->
host->max_id = QLOGICFC_MAX_ID + 1;
host->max_lun = QLOGICFC_MAX_LUN;
---------------------------------------------------------
[BUG] scsi_register
/u2/acc/oses/linux/2.4.1/drivers/scsi/qlogicisp.c:702:isp1020_detect: ERROR:NULL:684:702: Using unknown ptr "host" illegally! set by 'scsi_register':684
Start --->
host = scsi_register(tmpt, sizeof(struct isp1020_hostdata));
hostdata = (struct isp1020_hostdata *) host->hostdata;
memset(hostdata, 0, sizeof(struct isp1020_hostdata));
... DELETED 10 lines ...
|| isp1020_set_defaults(host)
#endif /* USE_NVRAM_DEFAULTS */
|| isp1020_load_parameters(host)) {
iounmap((void *)hostdata->memaddr);
Error --->
release_region(host->io_port, 0xff);
goto fail_and_unregister;
---------------------------------------------------------
[BUG] scsi_register
/u2/acc/oses/linux/2.4.1/drivers/scsi/qlogicisp.c:706:isp1020_detect: ERROR:NULL:684:706: Using unknown ptr "host" illegally! set by 'scsi_register':684
Start --->
host = scsi_register(tmpt, sizeof(struct isp1020_hostdata));
hostdata = (struct isp1020_hostdata *) host->hostdata;
memset(hostdata, 0, sizeof(struct isp1020_hostdata));
... DELETED 14 lines ...
release_region(host->io_port, 0xff);
goto fail_and_unregister;
}
Error --->
host->this_id = hostdata->host_param.initiator_scsi_id;
---------------------------------------------------------
[BUG] Propagated unchecked kmalloc from scsi_allocate_request
/u2/acc/oses/linux/2.4.1/drivers/scsi/scsi_ioctl.c:106:ioctl_internal_command: ERROR:NULL:104:106: Using unknown ptr "SRpnt" illegally! set by 'scsi_allocate_request':104
Start --->
SRpnt = scsi_allocate_request(dev);
Error --->
SRpnt->sr_data_direction = SCSI_DATA_NONE;
scsi_wait_req(SRpnt, cmd, NULL, 0, timeout, retries);
---------------------------------------------------------
[BUG] proc_mkdir can return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/scsi_proc.c:124:build_proc_dir_entries: ERROR:NULL:123:124: Using unknown ptr "proc_dir" illegally! set by 'proc_mkdir':123
Start --->
tpnt->proc_dir = proc_mkdir(tpnt->proc_name, proc_scsi);
Error --->
tpnt->proc_dir->owner = tpnt->module;
---------------------------------------------------------
[BUG] data dependency on scsi_result
/u2/acc/oses/linux/2.4.1/drivers/scsi/scsi_scan.c:302:scan_scsis: ERROR:NULL:278:302: Using NULL ptr "SDpnt" illegally! set by 'kmalloc':278
Start --->
GFP_ATOMIC);
if (SDpnt) {
memset(SDpnt, 0, sizeof(Scsi_Device));
/*
* Register the queue for the device. All I/O requests will
... DELETED 16 lines ...
}
/*
* We must chain ourself in the host_queue, so commands can time out
*/
Error --->
SDpnt->queue_depth = 1;
SDpnt->host = shpnt;
---------------------------------------------------------
[BUG] Propagated unchecked kmalloc from scsi_allocate_request
/u2/acc/oses/linux/2.4.1/drivers/scsi/scsi_scan.c:513:scan_scsis_single: ERROR:NULL:495:513: Using unknown ptr "SRpnt" illegally! set by 'scsi_allocate_request':495
Start --->
SRpnt = scsi_allocate_request(SDpnt);
/*
* We used to do a TEST_UNIT_READY before the INQUIRY but that was
* not really necessary. Spec recommends using INQUIRY to scan for
... DELETED 10 lines ...
scsi_cmd[2] = 0;
scsi_cmd[3] = 0;
scsi_cmd[4] = 255;
scsi_cmd[5] = 0;
Error --->
SRpnt->sr_cmd_len = 0;
SRpnt->sr_data_direction = SCSI_DATA_READ;
---------------------------------------------------------
[BUG] scsi_allocate_request can return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/sd.c:751:sd_init_onedisk: ERROR:NULL:736:751: Using unknown ptr "SRpnt" illegally! set by 'scsi_allocate_request':736
Start --->
SRpnt = scsi_allocate_request(rscsi_disks[i].device);
buffer = (unsigned char *) scsi_malloc(512);
spintime = 0;
... DELETED 7 lines ...
while (retries < 3) {
cmd[0] = TEST_UNIT_READY;
cmd[1] = (rscsi_disks[i].device->lun << 5) & 0xe0;
memset((void *) &cmd[2], 0, 8);
Error --->
SRpnt->sr_cmd_len = 0;
SRpnt->sr_sense_buffer[0] = 0;
---------------------------------------------------------
[BUG] scsi_allocate_request can return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/sd.c:774:sd_init_onedisk: ERROR:NULL:736:774: Using unknown ptr "SRpnt" illegally! set by 'scsi_allocate_request':736
Start --->
SRpnt = scsi_allocate_request(rscsi_disks[i].device);
buffer = (unsigned char *) scsi_malloc(512);
spintime = 0;
... DELETED 30 lines ...
*/
if( the_result != 0
&& ((driver_byte(the_result) & DRIVER_SENSE) != 0)
&& SRpnt->sr_sense_buffer[2] == UNIT_ATTENTION
Error --->
&& SRpnt->sr_sense_buffer[12] == 0x3A ) {
rscsi_disks[i].capacity = 0x1fffff;
---------------------------------------------------------
[BUG] same as the previous one
/u2/acc/oses/linux/2.4.1/drivers/scsi/sd.c:785:sd_init_onedisk: ERROR:NULL:736:785: Using unknown ptr "SRpnt" illegally! set by 'scsi_allocate_request':736
Start --->
SRpnt = scsi_allocate_request(rscsi_disks[i].device);
buffer = (unsigned char *) scsi_malloc(512);
spintime = 0;
... DELETED 41 lines ...
/* Look for non-removable devices that return NOT_READY.
* Issue command to spin up drive for these cases. */
if (the_result && !rscsi_disks[i].device->removable &&
Error --->
SRpnt->sr_sense_buffer[2] == NOT_READY) {
unsigned long time1;
---------------------------------------------------------
[BUG] same
/u2/acc/oses/linux/2.4.1/drivers/scsi/sd.c:826:sd_init_onedisk: ERROR:NULL:736:826: Using unknown ptr "SRpnt" illegally! set by 'scsi_allocate_request':736
Start --->
SRpnt = scsi_allocate_request(rscsi_disks[i].device);
buffer = (unsigned char *) scsi_malloc(512);
spintime = 0;
... DELETED 82 lines ...
cmd[0] = READ_CAPACITY;
cmd[1] = (rscsi_disks[i].device->lun << 5) & 0xe0;
memset((void *) &cmd[2], 0, 8);
memset((void *) buffer, 0, 8);
Error --->
SRpnt->sr_cmd_len = 0;
SRpnt->sr_sense_buffer[0] = 0;
---------------------------------------------------------
[BUG] scsi_malloc can return NULL. It should find the error at line 756
/u2/acc/oses/linux/2.4.1/drivers/scsi/sd.c:889:sd_init_onedisk: ERROR:NULL:738:889: Using unknown ptr "buffer" illegally! set by 'scsi_malloc':738
Start --->
buffer = (unsigned char *) scsi_malloc(512);
spintime = 0;
/* Spin up drives, as required. Only do this at boot time */
... DELETED 143 lines ...
rscsi_disks[i].capacity = 1 + ((buffer[0] << 24) |
(buffer[1] << 16) |
(buffer[2] << 8) |
Error --->
buffer[3]);
---------------------------------------------------------
[BUG] scsi_allocate_request can return NULL
/u2/acc/oses/linux/2.4.1/drivers/scsi/sr_ioctl.c:88:sr_do_ioctl: ERROR:NULL:87:88: Using unknown ptr "SRpnt" illegally! set by 'scsi_allocate_request':87
Start --->
SRpnt = scsi_allocate_request(scsi_CDs[target].device);
Error --->
SRpnt->sr_data_direction = readwrite;
---------------------------------------------------------
[BUG] scsi_register
/u2/acc/oses/linux/2.4.1/drivers/scsi/ultrastor.c:605:ultrastor_24f_detect: ERROR:NULL:604:605: Using unknown ptr "shpnt" illegally! set by 'scsi_register':604
Start --->
shpnt = scsi_register(tpnt, 0);
Error --->
shpnt->irq = config.interrupt;
shpnt->dma_channel = config.dma_channel;
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/telephony/ixj.c:5834:ixj_attach: ERROR:NULL:5832:5834: Using unknown ptr "link" illegally! set by 'kmalloc':5832
Start --->
link = kmalloc(sizeof(struct dev_link_t), GFP_KERNEL);
memset(link, 0, sizeof(struct dev_link_t));
Error --->
link->release.function = &ixj_cs_release;
link->release.data = (u_long) link;
---------------------------------------------------------
[BUG] dereference of invalid pointer "bluetooth" in error message
/u2/acc/oses/linux/2.4.1/drivers/usb/bluetooth.c:924:bluetooth_read_bulk_callback: ERROR:NULL:828:924: Using NULL ptr "bluetooth" illegally! set by 'get_usb_bluetooth':828
Start --->
struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)urb->context, __FUNCTION__);
unsigned char *data = urb->transfer_buffer;
unsigned int count = urb->actual_length;
unsigned int i;
unsigned int packet_size;
... DELETED 88 lines ...
bluetooth->bulk_packet_pos = 0;
}
exit:
Error --->
FILL_BULK_URB(bluetooth->read_urb, bluetooth->dev,
usb_rcvbulkpipe(bluetooth->dev, bluetooth->bulk_in_endpointAddress),
---------------------------------------------------------
[BUG] scsi_register
/u2/acc/oses/linux/2.4.1/drivers/usb/microtek.c:477:mts_scsi_detect: ERROR:NULL:476:477: Using unknown ptr "host" illegally! set by 'scsi_register':476
Start --->
desc->host = scsi_register(sht, sizeof(desc));
Error --->
desc->host->hostdata[0] = (unsigned long)desc;
/* FIXME: what if sizeof(void*) != sizeof(unsigned long)? */
---------------------------------------------------------
[BUG] kmalloc can return NULL
/u2/acc/oses/linux/2.4.1/drivers/video/sis/sis_main.c:1033:poh_new_node: ERROR:NULL:1031:1033: Using unknown ptr "poha" illegally! set by 'kmalloc':1031
Start --->
poha = kmalloc(OH_ALLOC_SIZE, GFP_KERNEL);
Error --->
poha->pohaNext = heap.pohaChain;
heap.pohaChain = poha;
---------------------------------------------------------
[BUG] But the start line is not correct
/u2/acc/oses/linux/2.4.1/fs/bfs/inode.c:302:bfs_read_super: ERROR:NULL:301:302: Using unknown ptr "inode" illegally! set by 'iget':301
Start --->
inode = iget(s,i);
Error --->
if (inode->iu_dsk_ino == 0)
s->su_freei++;
---------------------------------------------------------
[BUG] proc_mkdir could return NULL
/u2/acc/oses/linux/2.4.1/fs/coda/sysctl.c:488:coda_sysctl_init: ERROR:NULL:487:488: Using unknown ptr "proc_fs_coda" illegally! set by 'proc_mkdir':487
Start --->
proc_fs_coda = proc_mkdir("coda", proc_root_fs);
Error --->
proc_fs_coda->owner = THIS_MODULE;
coda_proc_create("vfs_stats", coda_vfs_stats_get_info);
---------------------------------------------------------
[BUG] function will not exit if req is NULL
/u2/acc/oses/linux/2.4.1/fs/coda/upcall.c:700:coda_upcall: ERROR:NULL:699:700: Using NULL ptr "req" illegally! set by 'kmalloc':699
Start --->
CODA_ALLOC(req,struct upc_req *,sizeof(struct upc_req));
Error --->
req->uc_data = (void *)buffer;
req->uc_flags = 0;
---------------------------------------------------------
[BUG] function will not exit if sig_req is NULL
/u2/acc/oses/linux/2.4.1/fs/coda/upcall.c:773:coda_upcall: ERROR:NULL:772:773: Using NULL ptr "sig_req" illegally! set by 'kmalloc':772
Start --->
CODA_ALLOC(sig_req, struct upc_req *, sizeof (struct upc_req));
Error --->
CODA_ALLOC((sig_req->uc_data), char *, sizeof(struct coda_in_hdr));
---------------------------------------------------------
[BUG] What are they trying to do?
/u2/acc/oses/linux/2.4.1/fs/hpfs/anode.c:191:hpfs_add_sector_to_btree: ERROR:NULL:197:191: Using NULL ptr "anode" illegally! set by 'hpfs_alloc_anode':197
Error --->
up = up != node ? anode->up : -1;
btree->u.internal[btree->n_used_nodes - 1].file_secno = /*fs*/-1;
if (up == -1) anode->up = ra;
mark_buffer_dirty(bh);
brelse(bh);
a = na;
Start --->
if ((anode = hpfs_alloc_anode(s, a, &na, &bh))) {
/*anode->up = up != -1 ? up : ra;*/
---------------------------------------------------------
[BUG] hpfs_map_anode
/u2/acc/oses/linux/2.4.1/fs/hpfs/anode.c:299:hpfs_remove_btree: ERROR:NULL:285:299: Using unknown ptr "anode" illegally! set by 'hpfs_map_anode':285
Start --->
anode = hpfs_map_anode(s, ano, &bh);
btree1 = &anode->btree;
level++;
pos = 0;
}
... DELETED 6 lines ...
if (hpfs_stop_cycles(s, ano, &c1, &c2, "hpfs_remove_btree #2")) return;
brelse(bh);
hpfs_free_sectors(s, ano, 1);
oano = ano;
Error --->
ano = anode->up;
if (--level) {
---------------------------------------------------------
[BUG] dereference of invalid pointer in error message
/u2/acc/oses/linux/2.4.1/fs/hpfs/dir.c:215:hpfs_lookup: ERROR:NULL:213:215: Using NULL ptr "result" illegally! set by 'iget':213
Start --->
if (!(result = iget(dir->i_sb, ino))) {
hpfs_unlock_iget(dir->i_sb);
Error --->
hpfs_error(result->i_sb, "hpfs_lookup: can't get inode");
goto bail1;
---------------------------------------------------------
[BUG] iget can return NULL
/u2/acc/oses/linux/2.4.1/fs/nfsd/nfsfh.c:140:nfsd_iget: ERROR:NULL:137:140: Using unknown ptr "inode" illegally! set by 'iget':137
Start --->
inode = iget(sb, ino);
if (is_bad_inode(inode)
|| (generation && inode->i_generation != generation)
Error --->
) {
/* we didn't find the right inode.. */
---------------------------------------------------------
[BUG] iget can return NULL
/u2/acc/oses/linux/2.4.1/fs/nfsd/nfsfh.c:146:nfsd_iget: ERROR:NULL:137:146: Using unknown ptr "inode" illegally! set by 'iget':137
Start --->
inode = iget(sb, ino);
if (is_bad_inode(inode)
|| (generation && inode->i_generation != generation)
) {
/* we didn't find the right inode.. */
dprintk("fh_verify: Inode %lu, Bad count: %d %d or version %u %u\n",
inode->i_ino,
inode->i_nlink, atomic_read(&inode->i_count),
inode->i_generation,
Error --->
generation);
---------------------------------------------------------
[BUG] iget can return NULL
/u2/acc/oses/linux/2.4.1/fs/nfsd/nfsfh.c:155:nfsd_iget: ERROR:NULL:137:155: Using unknown ptr "inode" illegally! set by 'iget':137
Start --->
inode = iget(sb, ino);
if (is_bad_inode(inode)
|| (generation && inode->i_generation != generation)
) {
/* we didn't find the right inode.. */
... DELETED 10 lines ...
/* now to find a dentry.
* If possible, get a well-connected one
*/
spin_lock(&dcache_lock);
Error --->
for (lp = inode->i_dentry.next; lp != &inode->i_dentry ; lp=lp->next) {
result = list_entry(lp,struct dentry, d_alias);
---------------------------------------------------------
[BUG] ntfs_find_attr. The return value of ntfs_find_attr is checked at the first callsite, but not at the second callsite.
/u2/acc/oses/linux/2.4.1/fs/ntfs/dir.c:854:ntfs_getdir_unsorted: ERROR:NULL:831:854: Using unknown ptr "attr" illegally! set by 'ntfs_find_attr':831
Start --->
attr=ntfs_find_attr(ino,vol->at_bitmap,I30);
if(!attr){
/* directory does not have index allocation */
*p_high=0xFFFFFFFF;
*p_low=0;
... DELETED 15 lines ...
return EIO;
}
attr=ntfs_find_attr(ino,vol->at_index_allocation,I30);
while(1){
Error --->
if(*p_high*vol->clustersize > attr->size){
/* no more index records */
---------------------------------------------------------
[BUG] ntfs_find_attr
/u2/acc/oses/linux/2.4.1/fs/ntfs/inode.c:130:ntfs_extend_mft: ERROR:NULL:129:130: Using unknown ptr "bmp" illegally! set by 'ntfs_find_attr':129
Start --->
bmp=ntfs_find_attr(vol->mft_ino,vol->at_bitmap,0);
Error --->
if(bmp->size*8<rcount){ /* less bits than MFT records */
ntfs_u8 buf[1];
---------------------------------------------------------
[BUG] ntfs_find_attr can return NULL
/u2/acc/oses/linux/2.4.1/fs/ntfs/inode.c:104:ntfs_extend_mft: ERROR:NULL:102:104: Using unknown ptr "mdata" illegally! set by 'ntfs_find_attr':102
Start --->
mdata=ntfs_find_attr(vol->mft_ino,vol->at_data,0);
/* first check whether there is uninitialized space */
Error --->
if(mdata->allocated<mdata->size+vol->mft_recordsize){
size=ntfs_get_free_cluster_count(vol->bitmap)*vol->clustersize;
---------------------------------------------------------
[BUG] ntfs_find_attr can return NULL
/u2/acc/oses/linux/2.4.1/fs/ntfs/inode.c:1077:ntfs_new_inode: ERROR:NULL:1076:1077: Using unknown ptr "data" illegally! set by 'ntfs_find_attr':1076
Start --->
data=ntfs_find_attr(vol->mft_ino,vol->at_data,0);
Error --->
length=data->size/vol->mft_recordsize;
---------------------------------------------------------
[BUG] bread
/u2/acc/oses/linux/2.4.1/fs/reiserfs/journal.c:1661:journal_read: ERROR:NULL:1636:1661: Using unknown ptr "d_bh" illegally! set by 'bread':1636
Start --->
d_bh = bread(p_s_sb->s_dev, reiserfs_get_journal_block(p_s_sb) + le32_to_cpu(jh->j_first_unflushed_offset), p_s_sb->s_blocksize) ;
ret = journal_transaction_is_valid(p_s_sb, d_bh, NULL, NULL) ;
if (!ret) {
continue_replay = 0 ;
}
... DELETED 17 lines ...
while(continue_replay && cur_dblock < (reiserfs_get_journal_block(p_s_sb) + JOURNAL_BLOCK_COUNT)) {
d_bh = bread(p_s_sb->s_dev, cur_dblock, p_s_sb->s_blocksize) ;
ret = journal_transaction_is_valid(p_s_sb, d_bh, &oldest_invalid_trans_id, &newest_mount_id) ;
if (ret == 1) {
Error --->
desc = (struct reiserfs_journal_desc *)d_bh->b_data ;
if (oldest_start == 0) { /* init all oldest_ values */
---------------------------------------------------------
[BUG] bread
/u2/acc/oses/linux/2.4.1/fs/reiserfs/journal.c:1661:journal_read: ERROR:NULL:1658:1661: Using unknown ptr "d_bh" illegally! set by 'bread':1658
Start --->
d_bh = bread(p_s_sb->s_dev, cur_dblock, p_s_sb->s_blocksize) ;
ret = journal_transaction_is_valid(p_s_sb, d_bh, &oldest_invalid_trans_id, &newest_mount_id) ;
if (ret == 1) {
Error --->
desc = (struct reiserfs_journal_desc *)d_bh->b_data ;
if (oldest_start == 0) { /* init all oldest_ values */
---------------------------------------------------------
[BUG] bread
/u2/acc/oses/linux/2.4.1/fs/udf/file.c:109:udf_adinicb_commit_write: ERROR:NULL:108:109: Using unknown ptr "bh" illegally! set by 'bread':108
Start --->
bh = bread (inode->i_dev, block, inode->i_sb->s_blocksize);
Error --->
memcpy(bh->b_data + udf_file_entry_alloc_offset(inode) + offset,
kaddr + offset, to-offset);
---------------------------------------------------------
[BUG] bread
/u2/acc/oses/linux/2.4.1/fs/udf/file.c:61:udf_adinicb_readpage: ERROR:NULL:60:61: Using unknown ptr "bh" illegally! set by 'bread':60
Start --->
bh = bread (inode->i_dev, block, inode->i_sb->s_blocksize);
Error --->
memcpy(kaddr, bh->b_data + udf_ext0_offset(inode), inode->i_size);
brelse(bh);
---------------------------------------------------------
[BUG] bread
/u2/acc/oses/linux/2.4.1/fs/udf/file.c:84:udf_adinicb_writepage: ERROR:NULL:83:84: Using unknown ptr "bh" illegally! set by 'bread':83
Start --->
bh = bread (inode->i_dev, block, inode->i_sb->s_blocksize);
Error --->
memcpy(bh->b_data + udf_ext0_offset(inode), kaddr, inode->i_size);
mark_buffer_dirty(bh);
---------------------------------------------------------
[BUG] udf_tread will call bread, which can return NULL if the block is unreadable
/u2/acc/oses/linux/2.4.1/fs/udf/namei.c:955:udf_symlink: ERROR:NULL:954:955: Using unknown ptr "bh" illegally! set by 'udf_tread':954
Start --->
bh = udf_tread(inode->i_sb, block, inode->i_sb->s_blocksize);
Error --->
ea = bh->b_data + udf_ext0_offset(inode);
---------------------------------------------------------
[BUG] The logic in the second for loop seems wrong
/u2/acc/oses/linux/2.4.1/fs/udf/partition.c:183:udf_fill_spartable: ERROR:NULL:136:183: Using NULL ptr "bh" illegally! set by 'udf_tread':136
Start --->
bh = udf_read_tagged(sb, spartable, spartable, &ident);
if (!bh)
{
sdata->s_spar_loc[i] = 0;
... DELETED 39 lines ...
continue;
}
index = 0;
}
Error --->
se = (SparingEntry *)&(bh->b_data[index]);
index += sizeof(SparingEntry);
---------------------------------------------------------
[BUG] bread
/u2/acc/oses/linux/2.4.1/fs/udf/super.c:1186:udf_load_partition: ERROR:NULL:1183:1186: Using unknown ptr "bh" illegally! set by 'bread':1183
Start --->
bh = bread(sb->s_dev, pos, sb->s_blocksize);
UDF_SB_TYPEVIRT(sb,i).s_start_offset =
le16_to_cpu(((struct VirtualAllocationTable20 *)bh->b_data + udf_ext0_offset(UDF_SB_VAT(sb)))->lengthHeader) +
Error --->
udf_ext0_offset(UDF_SB_VAT(sb));
UDF_SB_TYPEVIRT(sb,i).s_num_entries = (UDF_SB_VAT(sb)->i_size -
---------------------------------------------------------
[BUG] udf_read_tagged will call udf_read, which can return NULL
/u2/acc/oses/linux/2.4.1/fs/udf/super.c:1050:udf_process_sequence: ERROR:NULL:1049:1050: Using unknown ptr "bh2" illegally! set by 'udf_read_tagged':1049
Start --->
bh2 = udf_read_tagged(sb, j, j, &ident);
Error --->
gd = (struct GenericDesc *)bh2->b_data;
if (ident == TID_PARTITION_DESC)
---------------------------------------------------------
[BUG] at line 1796
/u2/acc/oses/linux/2.4.1/net/atm/lec.c:1799:lec_arp_update: ERROR:NULL:1798:1799: Using unknown ptr "entry" illegally! set by 'make_entry':1798
Start --->
entry = make_entry(priv, mac_addr);
Error --->
entry->status = ESI_UNKNOWN;
lec_arp_put(priv->lec_arp_tables, entry);
---------------------------------------------------------
[BUG] make_entry can return NULL
/u2/acc/oses/linux/2.4.1/net/atm/lec.c:1895:lec_vcc_added: ERROR:NULL:1892:1895: Using unknown ptr "entry" illegally! set by 'make_entry':1892
Start --->
entry = make_entry(priv, bus_mac);
memcpy(entry->atm_addr, ioc_data->atm_addr, ATM_ESA_LEN);
memset(entry->mac_addr, 0, ETH_ALEN);
Error --->
entry->recv_vcc = vcc;
entry->old_recv_push = old_push;
---------------------------------------------------------
[BUG] make_entry
/u2/acc/oses/linux/2.4.1/net/atm/lec.c:1970:lec_vcc_added: ERROR:NULL:1969:1970: Using unknown ptr "entry" illegally! set by 'make_entry':1969
Start --->
entry = make_entry(priv, bus_mac);
Error --->
entry->vcc = vcc;
entry->old_push = old_push;
---------------------------------------------------------
[BUG] br_get_port can return NULL
/u2/acc/oses/linux/2.4.1/net/bridge/br_stp.c:127:br_root_selection: ERROR:NULL:126:127: Using unknown ptr "p" illegally! set by 'br_get_port':126
Start --->
p = br_get_port(br, root_port);
Error --->
br->designated_root = p->designated_root;
br->root_path_cost = p->designated_cost + p->path_cost;
---------------------------------------------------------
[BUG] br_get_port can return NULL
/u2/acc/oses/linux/2.4.1/net/bridge/br_stp.c:81:br_should_become_root_port: ERROR:NULL:72:81: Using unknown ptr "rp" illegally! set by 'br_get_port':72
Start --->
rp = br_get_port(br, root_port);
t = memcmp(&p->designated_root, &rp->designated_root, 8);
if (t < 0)
return 1;
else if (t > 0)
return 0;
if (p->designated_cost + p->path_cost <
Error --->
rp->designated_cost + rp->path_cost)
return 1;
---------------------------------------------------------
[BUG] proc_mkdir can return NULL
/u2/acc/oses/linux/2.4.1/net/irda/irproc.c:70:irda_proc_register: ERROR:NULL:69:70: Using unknown ptr "proc_irda" illegally! set by 'proc_mkdir':69
Start --->
proc_irda = proc_mkdir("net/irda", NULL);
Error --->
proc_irda->owner = THIS_MODULE;
Junfeng Yang wrote:
> [BUG] fore200e_kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/atm/fore200e.c:2032:fore200e_get_esi: ERROR:NULL:2020:2032: Using unknown ptr "prom" illegally! set by 'fore200e_kmalloc':2020
I don't see the bug - there is an explicit "if(!prom) return -ENOMEM;" after
the allocation. It looks fine to me.
> [BUG] break the while loop, but not the for loop
> /u2/acc/oses/linux/2.4.1/drivers/atm/zatm.c:1817:zatm_detect: ERROR:NULL:1804:1817: Using NULL ptr "zatm_dev" illegally! set by 'kmalloc':1804
Ah, good catch. It'd be almost impossible to actually trigger this since
you'd need multiple cards of different types (all of which are rare) and
end up with really bad allocation luck, but it is technically a bug.
Really line 1829 should be "if(!zatm_dev) return devs;"
> [BUG] at line 1796
> /u2/acc/oses/linux/2.4.1/net/atm/lec.c:1799:lec_arp_update: ERROR:NULL:1798:1799: Using unknown ptr "entry" illegally! set by 'make_entry':1798
Yep, all three of the catches in lec.c are real bugs - great work as always.
-Mitch
> > [BUG] fore200e_kmalloc can return NULL
> > /u2/acc/oses/linux/2.4.1/drivers/atm/fore200e.c:2032:fore200e_get_esi: ERROR:NULL:2020:2032: Using unknown ptr "prom" illegally! set by 'fore200e_kmalloc':2020
>
> I don't see the bug - there is an explicit "if(!prom) return -ENOMEM;" after
> the allocation. It looks fine to me.
We checked 2.4.1; it appears that by 2.4.2 someone had already fixed it :)
-Andy
On Sat, Mar 17, 2001 at 01:30:54AM -0800, Junfeng Yang wrote:
> ---------------------------------------------------------
> [BUG] dereference to invalid pointer "bluetooth" in error message
> /u2/acc/oses/linux/2.4.1/drivers/usb/bluetooth.c:924:bluetooth_read_bulk_callback: ERROR:NULL:828:924: Using NULL ptr "bluetooth" illegally! set by 'get_usb_bluetooth':828
>
> Start --->
> struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)urb->context, __FUNCTION__);
> unsigned char *data = urb->transfer_buffer;
> unsigned int count = urb->actual_length;
> unsigned int i;
> unsigned int packet_size;
>
> ... DELETED 88 lines ...
>
> bluetooth->bulk_packet_pos = 0;
> }
>
> exit:
> Error --->
> FILL_BULK_URB(bluetooth->read_urb, bluetooth->dev,
> usb_rcvbulkpipe(bluetooth->dev, bluetooth->bulk_in_endpointAddress),
This has already been fixed in a patch that was sent to the
linux-usb-devel and bluetooth mailing lists, but hasn't made it into the
kernel tree yet.
But good catch!
thanks,
greg k-h
--
greg@(kroah|wirex).com
http://immunix.org/~greg
Junfeng Yang wrote:
> [BUG] dev_alloc_skb can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/3c505.c:619:receive_packet: ERROR:NULL:598:619: Using NULL ptr "skb" illegally! set by 'dev_alloc_skb':598
Fixed.
> [BUG] init_etherdev could return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/3c515.c:604:corkscrew_found_device: ERROR:NULL:603:604: Using unknown ptr "dev" illegally! set by 'init_etherdev':603
>
> Start --->
> dev = init_etherdev(dev, sizeof(struct corkscrew_private));
> Error --->
> dev->base_addr = ioaddr;
> dev->irq = irq;
init_etherdev is a special case -- It can conditionally take NULL as its
first argument. If that is the case, then an allocation is performed,
and the return val needs to be checked for NULL. If init_etherdev's
first arg is guaranteed to be non-NULL, you do not need to check its
return value. 3c515 is one such case.
> [BUG] init_etherdev can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/aironet4500_card.c:537:awc4500_isa_probe: ERROR:NULL:535:537: Using unknown ptr "dev" illegally! set by 'init_etherdev':535
Fixed.
> [BUG]
> /u2/acc/oses/linux/2.4.1/drivers/net/aironet4500_card.c:375:awc4500_pnp_probe: ERROR:NULL:373:375: Using unknown ptr "dev" illegally! set by 'init_etherdev':373
Fixed.
> [BUG] dev_alloc_skb can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/defxx.c:2719:dfx_rcv_init: ERROR:NULL:2712:2719: Using unknown ptr "newskb" illegally! set by 'dev_alloc_skb':2712
Seems to be fixed already in my 2.4.3-pre4-based tree.
> [BUG] kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/dgrs.c:1258:dgrs_found_device: ERROR:NULL:1256:1258: Using unknown ptr "dev" illegally! set by 'kmalloc':1256
Seems to be fixed already in my 2.4.3-pre4-based tree.
> [BUG] kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/dgrs.c:1297:dgrs_found_device: ERROR:NULL:1294:1297: Using unknown ptr "devN" illegally! set by 'kmalloc':1294
Seems to be fixed already in my 2.4.3-pre4-based tree.
> [BUG] kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/aironet4500_cs.c:181:awc_attach: ERROR:NULL:179:181: Using unknown ptr "link" illegally! set by 'kmalloc':179
>
> Start --->
> link = kmalloc(sizeof(struct dev_link_t), GFP_KERNEL);
> memset(link, 0, sizeof(struct dev_link_t));
> Error --->
> link->dev = kmalloc(sizeof(struct dev_node_t), GFP_KERNEL);
> memset(link->dev, 0, sizeof(struct dev_node_t));
Fixed. Your checker missed two other problems of the same sort in the
same function... one of the two missed is the link->dev kmalloc you show
in your example here.
> [BUG] kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/wavelan_cs.c:4463:wavelan_attach: ERROR:NULL:4458:4463: Using unknown ptr "dev" illegally! set by 'kmalloc':4458
Seems to be fixed already in my 2.4.3-pre4-based tree.
> [BUG] kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/wavelan_cs.c:4430:wavelan_attach: ERROR:NULL:4426:4430: Using unknown ptr "link" illegally! set by 'kmalloc':4426
Seems to be fixed already in my 2.4.3-pre4-based tree.
> [BUG] dev could be NULL, then init_etherdev -> init_netdev will alloc a new device -- it could fail.
> /u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:559:tulip_probe1: ERROR:NULL:522:559: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
Fixed, although this driver is going away when Arjan's Xircom driver
matures.
> [BUG] init_etherdev
> /u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:577:tulip_probe1: ERROR:NULL:522:577: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
> [BUG] init_etherdev
> /u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:607:tulip_probe1: ERROR:NULL:522:607: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
> [BUG] init_etherdev
> /u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:636:tulip_probe1: ERROR:NULL:522:636: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
> [BUG] init_etherdev
> /u2/acc/oses/linux/2.4.1/drivers/net/pcmcia/xircom_tulip_cb.c:642:tulip_probe1: ERROR:NULL:522:642: Using unknown ptr "dev" illegally! set by 'init_etherdev':522
Fixed by the above fix.
Is this a checker bug... or does the checker spit out each incorrect
de-ref?
> [BUG] function doesn't exit if skb == NULL. just printk
> /u2/acc/oses/linux/2.4.1/drivers/net/smc9194.c:1356:smc_rcv: ERROR:NULL:1341:1356: Using NULL ptr "skb" illegally! set by 'dev_alloc_skb':1341
Seems to be fixed already in my 2.4.3-pre4-based tree.
> [BUG] init_etherdev can return NULL if dev is NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/sunhme.c:2838:happy_meal_pci_init: ERROR:NULL:2806:2838: Using unknown ptr "dev" illegally! set by 'init_etherdev':2806
Fixed.
> [BUG] dev could be NULL, then init_trdev will call init_netdev to allocate a new device.
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/ibmtr.c:405:ibmtr_probe1: ERROR:NULL:304:405: Using unknown ptr "dev" illegally! set by 'init_trdev':304
>
> Start --->
> dev = init_trdev(dev,0);
As with 3c515, this is a false positive. 'dev' is never NULL when
passed to init_trdev, so the call always succeeds.
> [BUG] dev_alloc_skb can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/lanstreamer.c:1429:streamer_arb_cmd: ERROR:NULL:1386:1429: Using unknown ptr "mac_frame" illegally! set by 'dev_alloc_skb':1386
Seems to be fixed already in my 2.4.3-pre4 tree.
> [BUG] dev_alloc_skb can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/olympic.c:1276:olympic_arb_cmd: ERROR:NULL:1258:1276: Using unknown ptr "mac_frame" illegally! set by 'dev_alloc_skb':1258
Fixed.
> [BUG] init_trdev can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/olympic.c:219:olympic_scan: ERROR:NULL:217:219: Using unknown ptr "dev" illegally! set by 'init_trdev':217
Fixed.
> [BUG] kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/olympic.c:226:olympic_scan: ERROR:NULL:212:226: Using unknown ptr "olympic_priv" illegally! set by 'kmalloc':212
Seems to be fixed already in my 2.4.3-pre4 tree.
> [BUG] dev_alloc_skb can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/smctr.c:3956:smctr_process_rx_packet: ERROR:NULL:3955:3956: Using unknown ptr "skb" illegally! set by 'dev_alloc_skb':3955
Seems to be fixed already in my 2.4.3-pre4 tree.
> [BUG] dev_alloc_skb can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/smctr.c:4633:smctr_rx_frame: ERROR:NULL:4630:4633: Using unknown ptr "skb" illegally! set by 'dev_alloc_skb':4630
Fixed.
> [BUG] dev_alloc_skb can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/tms380tr.c:2167:tms380tr_rcv_status_irq: ERROR:NULL:2149:2167: Using NULL ptr "skb" illegally! set by 'dev_alloc_skb':2149
Seems to be fixed already in my 2.4.3-pre4 tree.
> [BUG] dev_alloc_skb can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/net/tokenring/tms380tr.c:2172:tms380tr_rcv_status_irq: ERROR:NULL:2149:2172: Using NULL ptr "skb" illegally! set by 'dev_alloc_skb':2149
Fixed.
> [BUG] kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/pci/setup-res.c:166:pdev_sort_resources: ERROR:NULL:165:166: Using unknown ptr "tmp" illegally! set by 'kmalloc':165
>
> Start --->
> tmp = kmalloc(sizeof(*tmp), GFP_KERNEL);
> Error --->
> tmp->next = ln;
> tmp->res = r;
> ---------------------------------------------------------
> [BUG] kmalloc can return NULL
> /u2/acc/oses/linux/2.4.1/drivers/pcmcia/bulkmem.c:231:setup_erase_request: ERROR:NULL:230:231: Using unknown ptr "busy" illegally! set by 'kmalloc':230
>
> Start --->
> busy = kmalloc(sizeof(erase_busy_t), GFP_KERNEL);
> Error --->
This sizeof() construct may be a special case for your checker, but it's
a common one for the kernel... It definitely doesn't de-reference a
pointer.
--
Jeff Garzik | May you have warm words on a cold evening,
Building 1024 | a full moon on a dark night,
MandrakeSoft | and a smooth road all the way to your door.
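The awc_attach report above is a nested allocation in which each kmalloc result reaches memset before any NULL test. The following is an added userspace sketch, not code from the driver or from any poster in this thread: `struct link_model`, `struct node_model`, `test_alloc` and its fault counter are assumed stand-ins for the kernel types and for kmalloc. It checks both allocations and releases the outer object when the inner one fails.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-ins for dev_node_t / dev_link_t; not the kernel definitions. */
struct node_model { char name[8]; };
struct link_model { struct node_model *dev; int state; };

/* Fault-injecting allocator standing in for kmalloc(): the call numbered
 * fail_at (1-based) returns NULL; fail_at == 0 disables injection. */
static int fail_at, alloc_calls, live_allocs;

static void *test_alloc(size_t n)
{
    void *p;

    if (++alloc_calls == fail_at)
        return NULL;
    p = malloc(n);
    if (p)
        live_allocs++;
    return p;
}

static void test_free(void *p)
{
    if (p) {
        live_allocs--;
        free(p);
    }
}

/* Hardened attach: each result is tested before memset() touches it, and
 * the outer object is released if the inner allocation fails. */
static struct link_model *attach_checked(void)
{
    struct link_model *link = test_alloc(sizeof(*link));
    if (!link)
        return NULL;
    memset(link, 0, sizeof(*link));

    link->dev = test_alloc(sizeof(*link->dev));
    if (!link->dev) {
        test_free(link);
        return NULL;
    }
    memset(link->dev, 0, sizeof(*link->dev));
    return link;
}

/* Runs attach_checked() with the given allocation call failing.
 * Returns 1 if attach succeeded, 0 if it failed cleanly, -1 if memory leaked. */
static int run_attach(int fail_on_call)
{
    struct link_model *link;

    fail_at = fail_on_call;
    alloc_calls = 0;
    live_allocs = 0;

    link = attach_checked();
    if (link) {
        test_free(link->dev);
        test_free(link);
        return live_allocs == 0 ? 1 : -1;
    }
    return live_allocs == 0 ? 0 : -1;
}

int main(void)
{
    return (run_attach(0) == 1 && run_attach(1) == 0 && run_attach(2) == 0) ? 0 : 1;
}
```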
On Sun, 18 Mar 2001 06:29:50 -0500,
Jeff Garzik wrote:
>Junfeng Yang wrote:
>> Start --->
>> busy = kmalloc(sizeof(erase_busy_t), GFP_KERNEL);
>> Error --->
>
>This sizeof() construct may be a special case for your checker, but it's
>a common one for the kernel... It definitely doesn't de-reference a
>pointer.
IMHO the above line is a bad construct. If the type of the variable
changes it is extremely easy to miss the fact that *alloc is now
returning the wrong size. I always do
busy = kmalloc(sizeof(*busy), GFP_KERNEL);
and let the compiler insert the correct type.
For the checker, you can also have typeof(). kdb has this line
typeof (*ef) local_ef;
The type definition of ef is kdb_eframe_t which is "pointer to some
arch dependent type" and local_ef is in arch independent code, much
easier to do this than use multiple #ifdef. Of course it would have
been even easier if kdb had separate types for the struct and the
pointer to the struct, then I would not need typeof(). OTOH I am sure
that somebody will find a use for typeof().
Jeff Garzik writes:
> > [BUG] init_etherdev could return NULL
> > /u2/acc/oses/linux/2.4.1/drivers/net/3c515.c:604:corkscrew_found_device: ERROR:NULL:603:604: Using unknown ptr "dev" illegally! set by 'init_etherdev':603
> >
> > Start --->
> > dev = init_etherdev(dev, sizeof(struct corkscrew_private));
> > Error --->
> > dev->base_addr = ioaddr;
> > dev->irq = irq;
>
> init_etherdev is a special case -- It can conditionally take NULL as its
> first argument. If that is the case, then an allocation is performed,
> and the return val needs to be checked for NULL. If init_etherdev's
> first arg is guaranteed to be non-NULL, you do not need to check its
> return value. 3c515 is one such case.
If this is the case, why not change it to look like:
init_etherdev(dev, sizeof(struct corkscrew_private));
so it doesn't appear that you are setting "dev" again?
> > dev = init_trdev(dev,0);
Ditto, don't make it look like "dev" is getting set on the return value,
when it is already set when calling the function.
> > /u2/acc/oses/linux/2.4.1/drivers/pcmcia/bulkmem.c:231:setup_erase_request: ERROR:NULL:230:231: Using unknown ptr "busy" illegally! set by 'kmalloc':230
> >
> > Start --->
> > busy = kmalloc(sizeof(erase_busy_t), GFP_KERNEL);
> > Error --->
>
> This sizeof() construct may be a special case for your checker, but it's
> a common one for the kernel... It definitely doesn't de-reference a
> pointer.
It is the "busy" pointer that appears to be dereferenced, not the sizeof.
We need something like (ERASE_BAD_KMALLOC doesn't yet exist):
else if ((busy = kmalloc(sizeof(erase_busy_t), GFP_KERNEL)) == NULL)
erase->State = ERASE_BAD_KMALLOC;
else {
erase->State = 1;
...
}
Cheers, Andreas
--
Andreas Dilger \ "If a man ate a pound of pasta and a pound of antipasto,
\ would they cancel out, leaving him still hungry?"
http://www-mddsp.enel.ucalgary.ca/People/adilger/ -- Dogbert
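The init_etherdev exchange above turns on a precondition the checker cannot see: whether the first argument is already non-NULL. The following added userspace model is not kernel code and not from any poster; `init_dev_model`, `probe_model`, `struct netdev_model` and the I/O values are assumed names and constructed inputs that mirror only the behaviour described in the thread. It runs the three cases through a caller that tests the result before its first dereference.

```c
#include <stddef.h>
#include <stdlib.h>

/* Assumed stand-in for struct net_device; not the kernel definition. */
struct netdev_model { unsigned long base_addr; int irq; };

/* Set to 1 to make the internal allocation fail (constructed fault). */
static int alloc_should_fail;

/* Model of the contract described in the thread: a NULL first argument
 * means "allocate a device for me" and can fail; a non-NULL argument is
 * initialised in place and returned unchanged. */
static struct netdev_model *init_dev_model(struct netdev_model *dev)
{
    if (dev == NULL) {
        if (alloc_should_fail)
            return NULL;
        dev = calloc(1, sizeof(*dev));
        if (dev == NULL)
            return NULL;
    }
    dev->irq = -1;
    return dev;
}

/* Probe that is correct for both kinds of caller: it tests the result
 * instead of relying on a precondition that lives in another function.
 * Returns 0 on success, -1 (standing in for -ENOMEM) on failure. */
static int probe_model(struct netdev_model *dev, unsigned long ioaddr, int irq,
                       struct netdev_model **out)
{
    struct netdev_model *d = init_dev_model(dev);

    if (d == NULL)
        return -1;
    d->base_addr = ioaddr;
    d->irq = irq;
    *out = d;
    return 0;
}

/* Runs one constructed case. Returns probe_model()'s result, or -2 if a
 * caller-supplied device did not come back as the same pointer. */
static int run_case(int supply_dev, int fail_alloc)
{
    struct netdev_model preallocated = {0};
    struct netdev_model *in = supply_dev ? &preallocated : NULL;
    struct netdev_model *out = NULL;
    int rc;

    alloc_should_fail = fail_alloc;
    rc = probe_model(in, 0x300, 10, &out);
    if (rc == 0 && supply_dev && out != &preallocated)
        rc = -2;
    if (rc == 0 && !supply_dev)
        free(out);
    return rc;
}

int main(void)
{
    /* Supplied device: allocation failure is irrelevant (the 3c515 case). */
    if (run_case(1, 1) != 0)
        return 1;
    /* NULL device: succeeds only if the internal allocation does. */
    if (run_case(0, 0) != 0 || run_case(0, 1) != -1)
        return 1;
    return 0;
}
```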
Hi,
I'm interested in one specific "bug" reported out of these 120 and
no one seems to have responded about it yet. It reports the error on
line 889 (drivers/scsi/sd.c), but line 825 also seems bad (memsetting
the pointer that was allocated before checking for NULL). This piece
of code seems to go back to the 1.0 version of the kernel, hence my
suspicion about it actually being a bug. Anyone have thoughts about
it? Thanks!
-ben
---------------------------------------------------------
[BUG] scsi_malloc can return NULL. it should find error at line 756
2.4.1/drivers/scsi/sd.c:889:sd_init_onedisk:
ERROR:NULL:738:889: Using unknown ptr "buffer" illegally! set by
'scsi_malloc':738
Start --->
buffer = (unsigned char *) scsi_malloc(512);
spintime = 0;
/* Spin up drives, as required. Only do this at boot time */
... DELETED 143 lines ...
rscsi_disks[i].capacity = 1 + ((buffer[0] << 24) |
(buffer[1] << 16) |
(buffer[2] << 8) |
Error --->
buffer[3]);
---------------------------------------------------------