Bug 9583

Summary: Possible NULL pointer dereference on drivers/infiniband/hw/cxgb3/iwch_cm.c
Product: Drivers
Reporter: Marcio Buss (marciobuss)
Component: Network
Assignee: drivers_network (drivers_network)
Status: RESOLVED OBSOLETE
Severity: low
CC: alan, roland, xerofoify
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.29
Subsystem:
Regression: No
Bisected commit-id:

Description Marcio Buss 2007-12-15 17:49:49 UTC
There's a potential null pointer dereference on 
drivers/infiniband/hw/cxgb3/iwch_cm.c, line 731 (it's
not clear whether the bug exists because it depends
on the relationship between "status" parameter and
the value of "ep->com.cm_id"). In any case, here it goes:

(1) let the "if" statement at line 725 evaluate to false,
    implying that "ep->com.cm_id" is null.
(2) let the "if" statement at line 730 evaluate to true
(3) now the statement at line 731 dereferences the null
    pointer "ep->com.cm_id."
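
A user-space model of the pattern this report describes, as an added example rather than the driver's source: the first branch tests the pointer, the second depends only on status and dereferences it anyway. The struct layout, the function names and the `status < 0` condition are assumptions; only `status` and `cm_id` come from the report.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the driver's types; only the names
 * cm_id and status are taken from the report. */
struct cm_id {
    int events;   /* how many times the event handler ran */
    int refs;     /* reference count */
};

struct endpoint {
    struct cm_id *cm_id;
};

/* Shape described in the report: the first branch checks cm_id, the
 * second checks only status (assumed: status < 0) and dereferences. */
void upcall_unguarded(struct endpoint *ep, int status)
{
    if (ep->cm_id)
        ep->cm_id->events++;
    if (status < 0) {
        ep->cm_id->refs--;      /* NULL dereference when cm_id is NULL */
        ep->cm_id = NULL;
    }
}

/* Guarded form: every use of cm_id sits behind one NULL test.
 * Returns 1 if a reference was dropped, 0 otherwise. */
int upcall_guarded(struct endpoint *ep, int status)
{
    struct cm_id *id = ep->cm_id;

    if (!id)
        return 0;               /* nothing to notify, nothing to release */
    id->events++;
    if (status < 0) {
        id->refs--;
        ep->cm_id = NULL;
        return 1;
    }
    return 0;
}

int main(void)
{
    struct endpoint ep = { NULL };   /* constructed case: no cm_id, error status */
    return upcall_guarded(&ep, -1);  /* exits 0 without touching a NULL pointer */
}
```

Whether the unguarded path is reachable depends on whether a negative status can arrive while cm_id is NULL, which is the open question in the report.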

Comment 1 Alan 2009-03-24 04:10:24 UTC
[connect_reply_upcall and still present]

Comment 2 xerofoify 2014-06-24 17:05:10 UTC
This bug is old and outdated. Please test against a newer kernel and see if it is fixed.
Thanks, Nick