Date: Mon, 17 Nov 2008 16:32:19 -0500 From: John Baldwin <jhb@freebsd.org> To: Pawel Jakub Dawidek <pjd@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Philip Paeps <philip@freebsd.org> Subject: Re: svn commit: r185021 - head/sys/dev/glxsb Message-ID: <200811171632.19955.jhb@freebsd.org> In-Reply-To: <20081117165006.GA1489@garage.freebsd.pl> References: <200811170709.mAH79ecr075977@svn.freebsd.org> <20081117165006.GA1489@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 17 November 2008 11:51:52 am Pawel Jakub Dawidek wrote: > On Mon, Nov 17, 2008 at 07:09:40AM +0000, Philip Paeps wrote: > > Author: philip > > Date: Mon Nov 17 07:09:40 2008 > > New Revision: 185021 > > URL: http://svn.freebsd.org/changeset/base/185021 > > > > Log: > > Fix two possible (but unlikely) NULL-pointer dereferences in glxsb(4). > > > > Spotted by: Coverity > > MFC after: 1 week > > > > Modified: > > head/sys/dev/glxsb/glxsb.c > > > > Modified: head/sys/dev/glxsb/glxsb.c > > ============================================================================== > > --- head/sys/dev/glxsb/glxsb.c Mon Nov 17 07:03:05 2008 (r185020) > > +++ head/sys/dev/glxsb/glxsb.c Mon Nov 17 07:09:40 2008 (r185021) > > @@ -358,7 +358,8 @@ glxsb_detach(device_t dev) > > return (EBUSY); > > } > > } > > - while ((ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL) { > > + while (!TAILQ_EMPTY(&sc->sc_sessions)) { > > + ses = TAILQ_FIRST(&sc->sc_sessions); > > This is perfectly valid, and if it was reported by coverity, it is a > false positive. Yes, I've flagged several false positives of this type in Coverity previously. It doesn't like that construct as it doesn't realize that TAILQ_REMOVE is changing the head (hard for it to go through the *tqe_prev indirection I think). -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200811171632.19955.jhb>