svn commit: r185021 - head/sys/dev/glxsb
John Baldwin
jhb at freebsd.org
Mon Nov 17 15:04:20 PST 2008
On Monday 17 November 2008 11:51:52 am Pawel Jakub Dawidek wrote:
> On Mon, Nov 17, 2008 at 07:09:40AM +0000, Philip Paeps wrote:
> > Author: philip
> > Date: Mon Nov 17 07:09:40 2008
> > New Revision: 185021
> > URL: http://svn.freebsd.org/changeset/base/185021
> >
> > Log:
> > Fix two possible (but unlikely) NULL-pointer dereferences in glxsb(4).
> >
> > Spotted by: Coverity
> > MFC after: 1 week
> >
> > Modified:
> > head/sys/dev/glxsb/glxsb.c
> >
> > Modified: head/sys/dev/glxsb/glxsb.c
> > ==============================================================================
> > --- head/sys/dev/glxsb/glxsb.c Mon Nov 17 07:03:05 2008 (r185020)
> > +++ head/sys/dev/glxsb/glxsb.c Mon Nov 17 07:09:40 2008 (r185021)
> > @@ -358,7 +358,8 @@ glxsb_detach(device_t dev)
> > return (EBUSY);
> > }
> > }
> > - while ((ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL) {
> > + while (!TAILQ_EMPTY(&sc->sc_sessions)) {
> > + ses = TAILQ_FIRST(&sc->sc_sessions);
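Review bot: At the loop head in glxsb_detach(), the removed form `while ((ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL)` already leaves ses non-NULL on every pass through the body, so testing TAILQ_EMPTY() and then assigning ses is equivalent and removes no NULL dereference. I would keep the original idiom and mark the Coverity report as a false positive, or, if the new form stays, reword the log so it does not claim a fix.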
>
> This is perfectly valid, and if it was reported by coverity, it is a
> false positive.
Yes, I've flagged several false positives of this type in Coverity previously.
It doesn't like that construct as it doesn't realize that TAILQ_REMOVE is
changing the head (hard for it to go through the *tqe_prev indirection I
think).
--
John Baldwin