Showing error 1627

User: Jiri Slaby
Error type: Invalid Pointer Dereference
Error type description: A pointer which is invalid is being dereferenced
File location: drivers/infiniband/hw/nes/nes_cm.c
Line in file: 1891
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-10 07:54:05 UTC

Source: 

1861        struct ietf_mpa_frame *mpa_frame = NULL;
1862
1863        /* create a CM connection node */
1864        cm_node = make_cm_node(cm_core, nesvnic, cm_info, NULL);
1865        if (!cm_node)
1866                return NULL;
1867        mpa_frame = &cm_node->mpa_frame;
1868        strcpy(mpa_frame->key, IEFT_MPA_KEY_REQ);
1869        mpa_frame->flags = IETF_MPA_FLAGS_CRC;
1870        mpa_frame->rev =  IETF_MPA_VERSION;
1871        mpa_frame->priv_data_len = htons(private_data_len);
1872
1873        /* set our node side to client (active) side */
1874        cm_node->tcp_cntxt.client = 1;
1875        cm_node->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE;
1876
1877        if (cm_info->loc_addr == cm_info->rem_addr) {
1878                loopbackremotelistener = find_listener(cm_core,
1879                                ntohl(nesvnic->local_ipaddr), cm_node->rem_port,
1880                                NES_CM_LISTENER_ACTIVE_STATE);
1881                if (loopbackremotelistener == NULL) {
1882                        create_event(cm_node, NES_CM_EVENT_ABORTED);
1883                } else {
1884                        atomic_inc(&cm_loopbacks);
1885                        loopback_cm_info = *cm_info;
1886                        loopback_cm_info.loc_port = cm_info->rem_port;
1887                        loopback_cm_info.rem_port = cm_info->loc_port;
1888                        loopback_cm_info.cm_id = loopbackremotelistener->cm_id;
1889                        loopbackremotenode = make_cm_node(cm_core, nesvnic,
1890                                &loopback_cm_info, loopbackremotelistener);
1891                        loopbackremotenode->loopbackpartner = cm_node;
1892                        loopbackremotenode->tcp_cntxt.rcv_wscale =
1893                                NES_CM_DEFAULT_RCV_WND_SCALE;
1894                        cm_node->loopbackpartner = loopbackremotenode;
1895                        memcpy(loopbackremotenode->mpa_frame_buf, private_data,
1896                                private_data_len);
1897                        loopbackremotenode->mpa_frame_size = private_data_len;
1898
1899                        /* we are done handling this state. */
1900                        /* set node to a TSA state */
1901                        cm_node->state = NES_CM_STATE_TSA;
Show full sources