2014-06-13 17:11:56

by Himangi Saraogi

Subject: [PATCH] iio: adc: at91_adc: Correct call to input_free_device

This error handling code can be reached before st->ts_input is
initialized, so it is safer to always use the original name, input_dev.

A simplified version of the semantic match that finds this problem is:

// <smpl>
@r exists@
local idexpression struct input_dev * x;
expression ra,rr;
@@

* x = input_allocate_device(...)
  ... when != x = rr
      when != input_free_device(x,...)
      when != if (...) { ... input_free_device(x,...) ...}
  if(...) { ... when != x = ra
     when forall
*    when != input_free_device(x,...)
  \(return <+...x...+>; \| return...; \) }

// </smpl>

Signed-off-by: Himangi Saraogi <[email protected]>
---
drivers/iio/adc/at91_adc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c
index 3b5bacd..73b2bb5 100644
--- a/drivers/iio/adc/at91_adc.c
+++ b/drivers/iio/adc/at91_adc.c
@@ -1114,7 +1114,7 @@ static int at91_ts_register(struct at91_adc_state *st,
return ret;

err:
- input_free_device(st->ts_input);
+ input_free_device(input);
return ret;
}
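
Review bot: The changelog says the cleanup should use "the original name, input_dev", but the replacement line under the err: label frees a local called input, so the log and the code name different variables. Please reword the commit message to name the variable the hunk actually uses, e.g. "always use the local pointer, input", so that someone reading the log against "+ input_free_device(input);" is not left looking for an input_dev that does not appear in these lines.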

--
1.9.1
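
The bug class described in the commit message above, as an added user-space C model (not code from the patch, the driver, or anyone in this thread): the kernel input helpers are replaced by counting stand-ins, and `struct adc_state`, `ts_register`, `setup_fails`, `use_local` and `leaked_after_failure` are hypothetical names. It assumes the state struct starts zeroed, so freeing through the not-yet-assigned field is a silent no-op and the allocation is lost.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins for the kernel input API (constructed for this model). */
struct input_dev { int id; };
struct adc_state { struct input_dev *ts_input; };   /* hypothetical driver state */
static int live_devices;                            /* allocated, not yet freed */

static struct input_dev *input_allocate_device(void)
{
    struct input_dev *dev = calloc(1, sizeof(*dev));
    live_devices += (dev != NULL);
    return dev;
}

static void input_free_device(struct input_dev *dev)
{
    if (dev)                    /* NULL is a no-op, as in the kernel helper */
        live_devices--;
    free(dev);
}

/* setup_fails: error before st->ts_input is set; use_local: patched cleanup. */
static int ts_register(struct adc_state *st, int setup_fails, int use_local)
{
    struct input_dev *input = input_allocate_device();
    if (!input || setup_fails)
        goto err;
    st->ts_input = input;       /* only now does the field alias the device */
    return 0;
err:
    input_free_device(use_local ? input : st->ts_input);
    return -1;
}

/* Devices still allocated after one failed registration. */
static int leaked_after_failure(int use_local)
{
    struct adc_state st = { 0 };
    live_devices = 0;
    ts_register(&st, 1, use_local);
    return live_devices;
}

int main(void)
{
    printf("leaked: field=%d local=%d\n", leaked_after_failure(0), leaked_after_failure(1));
    return 0;
}
```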


2014-06-14 15:39:26

by Jonathan Cameron

Subject: Re: [PATCH] iio: adc: at91_adc: Correct call to input_free_device

On 13/06/14 18:11, Himangi Saraogi wrote:
> This error handling code can be reached before st->ts_input is
> initialized, so it is safer to always use the original name, input_dev.
>
> A simplified version of the semantic match that finds this problem is:
>
> // <smpl>
> @r exists@
> local idexpression struct input_dev * x;
> expression ra,rr;
> @@
>
> * x = input_allocate_device(...)
> ... when != x = rr
> when != input_free_device(x,...)
> when != if (...) { ... input_free_device(x,...) ...}
> if(...) { ... when != x = ra
> when forall
> * when != input_free_device(x,...)
> \(return <+...x...+>; \| return...; \) }
>
> // </smpl>
>
> Signed-off-by: Himangi Saraogi <[email protected]>
The error handling in this function has been completely rewritten so the
bug is no longer there and this no longer applies.

Thanks,

Jonathan
> ---
> drivers/iio/adc/at91_adc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c
> index 3b5bacd..73b2bb5 100644
> --- a/drivers/iio/adc/at91_adc.c
> +++ b/drivers/iio/adc/at91_adc.c
> @@ -1114,7 +1114,7 @@ static int at91_ts_register(struct at91_adc_state *st,
> return ret;
>
> err:
> - input_free_device(st->ts_input);
> + input_free_device(input);
> return ret;
> }
>
>
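
Review bot: The err: label in this hunk is the only cleanup shown, and the context does not include the jumps that reach it, so these lines alone cannot confirm that every such jump happens before the device is registered. On a path taken after a successful registration, input_free_device(input) would be the wrong call and input_unregister_device() would be needed instead. A sentence in the changelog stating that all paths into err: precede registration would close that question.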

2014-06-14 21:17:32

by Alexandre Belloni

Subject: Re: [PATCH] iio: adc: at91_adc: Correct call to input_free_device

On 14/06/2014 at 16:41:20 +0100, Jonathan Cameron wrote :
> On 13/06/14 18:11, Himangi Saraogi wrote:
> >This error handling code can be reached before st->ts_input is
> >initialized, so it is safer to always use the original name, input_dev.
> >
> >A simplified version of the semantic match that finds this problem is:
> >
> >// <smpl>
> >@r exists@
> >local idexpression struct input_dev * x;
> >expression ra,rr;
> >@@
> >
> >* x = input_allocate_device(...)
> >... when != x = rr
> > when != input_free_device(x,...)
> > when != if (...) { ... input_free_device(x,...) ...}
> >if(...) { ... when != x = ra
> > when forall
> >* when != input_free_device(x,...)
> > \(return <+...x...+>; \| return...; \) }
> >
> >// </smpl>
> >
> >Signed-off-by: Himangi Saraogi <[email protected]>
> The error handling in this function has been completely rewritten so the
> bug is no longer there and this no longer applies.

Hum, actually, you are wrong and I introduced that bug in 3.16. The
change didn't come from your tree so it is not up to date.

So either you take it after 3.16-rc1 or we can ask Nicolas to get it
through the at91 tree.


Either way:

Acked-by: Alexandre Belloni <[email protected]>

--
Alexandre Belloni, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

2014-06-14 21:21:37

by Jonathan Cameron

Subject: Re: [PATCH] iio: adc: at91_adc: Correct call to input_free_device

On 14/06/14 22:17, Alexandre Belloni wrote:
> On 14/06/2014 at 16:41:20 +0100, Jonathan Cameron wrote :
>> On 13/06/14 18:11, Himangi Saraogi wrote:
>>> This error handling code can be reached before st->ts_input is
>>> initialized, so it is safer to always use the original name, input_dev.
>>>
>>> A simplified version of the semantic match that finds this problem is:
>>>
>>> // <smpl>
>>> @r exists@
>>> local idexpression struct input_dev * x;
>>> expression ra,rr;
>>> @@
>>>
>>> * x = input_allocate_device(...)
>>> ... when != x = rr
>>> when != input_free_device(x,...)
>>> when != if (...) { ... input_free_device(x,...) ...}
>>> if(...) { ... when != x = ra
>>> when forall
>>> * when != input_free_device(x,...)
>>> \(return <+...x...+>; \| return...; \) }
>>>
>>> // </smpl>
>>>
>>> Signed-off-by: Himangi Saraogi <[email protected]>
>> The error handling in this function has been completely rewritten so the
>> bug is no longer there and this no longer applies.
>
> Hum, actually, you are wrong and I introduced that bug in 3.16. The
> change didn't come from your tree so it is not up to date.
>
> So either you take it after 3.16-rc1 or we can ask Nicolas to get it
> through the at91 tree.
Ah, that would do it!
I'm lagging a bit (just sending a pull request for some fixes from pre 3.16
merge window opening). Will pick this up later in the week.

oops.

J
>
>
> Either way:
>
> Acked-by: Alexandre Belloni <[email protected]>
>