From: Julia Lawall <[email protected]>
The variable x is initialized twice to the same (side effect-free)
expression. Drop one initialization.
A simplified version of the semantic match that finds this problem is:
(http://coccinelle.lip6.fr/)
// <smpl>
@forall@
idexpression *x;
identifier f!=ERR_PTR;
@@
x = f(...)
... when != x
(
x = f(...,<+...x...+>,...)
|
* x = f(...)
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
drivers/char/mmtimer.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/char/mmtimer.c b/drivers/char/mmtimer.c
index 918711a..04fd0d8 100644
--- a/drivers/char/mmtimer.c
+++ b/drivers/char/mmtimer.c
@@ -546,9 +546,9 @@ static void mmtimer_tasklet(unsigned long data)
{
int nodeid = data;
struct mmtimer_node *mn = &timers[nodeid];
- struct mmtimer *x = rb_entry(mn->next, struct mmtimer, list);
+ struct mmtimer *x;
struct k_itimer *t;
unsigned long flags;
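Review bot: After this change `struct mmtimer *x;` is declared without a value, and the assignment that is meant to remain lies outside the lines shown in this hunk, so the hunk alone does not show that x is always assigned before it is used. Please confirm that every path through mmtimer_tasklet() that reads x first passes the remaining `x = rb_entry(mn->next, struct mmtimer, list);`, and say in the changelog where that assignment sits, since "initialized twice" does not tell a reader which of the two initializations was kept or why that one is the right one to keep.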
Julia Lawall wrote:
> The variable x is initialized twice to the same (side effect-free)
> expression. Drop one initialization.
[...]
> --- a/drivers/char/mmtimer.c
> +++ b/drivers/char/mmtimer.c
> @@ -546,9 +546,9 @@ static void mmtimer_tasklet(unsigned long data)
> {
> int nodeid = data;
> struct mmtimer_node *mn = &timers[nodeid];
> - struct mmtimer *x = rb_entry(mn->next, struct mmtimer, list);
> + struct mmtimer *x;
> struct k_itimer *t;
> unsigned long flags;
The next x = rb_entry(mn->next, struct mmtimer, list); is preceded by a
test whether mn->next is NULL.
Unless that test is redundant too, your patch fixes a potential NULL
pointer dereference, introduced by commit cbacdd95 "SGI Altix mmtimer:
allow larger number of timers per node" in 2.6.26.
--
Stefan Richter
-=====-==-=- ---= =---=
http://arcgraph.de/sr/