The following commit has been merged in the linux branch: commit a1104016ce8f7750ecd8ca6129786bc549aa5c38 Author: Julia Lawall julia@diku.dk Date: Sat Oct 17 08:41:47 2009 +0200
drivers/ata/libata: Move dereference after NULL test
In each case, if the NULL test on qc is needed, then the derefernce should be after the NULL test.
A simplified version of the semantic match that detects this problem is as follows (http://coccinelle.lip6.fr/):
// <smpl> @match exists@ expression x, E; identifier fld; @@
* x->fld ... when != (x = E|&x) * x == NULL // </smpl>
Signed-off-by: Julia Lawall julia@diku.dk Signed-off-by: Jeff Garzik jgarzik@redhat.com
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index d7f0f1b..dc72690 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4919,10 +4919,11 @@ struct ata_queued_cmd *ata_qc_new_init(struct ata_device *dev) */ void ata_qc_free(struct ata_queued_cmd *qc) { - struct ata_port *ap = qc->ap; + struct ata_port *ap; unsigned int tag;
WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */ + ap = qc->ap;
qc->flags = 0; tag = qc->tag; @@ -4934,11 +4935,13 @@ void ata_qc_free(struct ata_queued_cmd *qc)
void __ata_qc_complete(struct ata_queued_cmd *qc) { - struct ata_port *ap = qc->ap; - struct ata_link *link = qc->dev->link; + struct ata_port *ap; + struct ata_link *link;
WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */ WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); + ap = qc->ap; + link = qc->dev->link;
if (likely(qc->flags & ATA_QCFLAG_DMAMAP)) ata_sg_clean(qc);