2005-09-19 18:14:40

by Al Viro

Subject: [PATCH] dereference of uninitialized pointer in zatm

Breakage from [NET]: Kill skb->list
Signed-off-by: Al Viro <[email protected]>
----
diff -urN RC13-base/drivers/atm/zatm.c current/drivers/atm/zatm.c
--- RC13-base/drivers/atm/zatm.c 2005-08-30 03:24:42.000000000 -0400
+++ current/drivers/atm/zatm.c 2005-08-30 03:25:18.000000000 -0400
@@ -417,9 +417,9 @@
chan = (here[3] & uPD98401_AAL5_CHAN) >>
uPD98401_AAL5_CHAN_SHIFT;
if (chan < zatm_dev->chans && zatm_dev->rx_map[chan]) {
- int pos = ZATM_VCC(vcc)->pool;
-
+ int pos;
vcc = zatm_dev->rx_map[chan];
+ pos = ZATM_VCC(vcc)->pool;
if (skb == zatm_dev->last_free[pos])
zatm_dev->last_free[pos] = NULL;
skb_unlink(skb, zatm_dev->pool + pos);