Showing error 1654

User: Jiri Slaby
Error type: Invalid Pointer Dereference
Error type description: A pointer that is invalid is being dereferenced
File location: fs/cifs/connect.c
Line in file: 2936
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-10 07:54:05 UTC


Source:

2906   the end since (at least) WIN2K and Windows XP have a major bug in not null
2907   terminating last Unicode string in response  */
2908                                        if (ses->serverOS)
2909                                                kfree(ses->serverOS);
2910                                        ses->serverOS =
2911                                            kzalloc(2 * (len + 1), GFP_KERNEL);
2912                                        cifs_strfromUCS_le(ses->serverOS,
2913                                                           (__le16 *)
2914                                                           bcc_ptr, len,
2915                                                           nls_codepage);
2916                                        bcc_ptr += 2 * (len + 1);
2917                                        remaining_words -= len + 1;
2918                                        ses->serverOS[2 * len] = 0;
2919                                        ses->serverOS[1 + (2 * len)] = 0;
2920                                        if (remaining_words > 0) {
2921                                                len = UniStrnlen((wchar_t *)
2922                                                                 bcc_ptr,
2923                                                                 remaining_words
2924                                                                 - 1);
2925                                                kfree(ses->serverNOS);
2926                                                ses->serverNOS =
2927                                                    kzalloc(2 * (len + 1),
2928                                                            GFP_KERNEL);
2929                                                cifs_strfromUCS_le(ses->
2930                                                                   serverNOS,
2931                                                                   (__le16 *)
2932                                                                   bcc_ptr,
2933                                                                   len,
2934                                                                   nls_codepage);
2935                                                bcc_ptr += 2 * (len + 1);
2936                                                ses->serverNOS[2 * len] = 0;
2937                                                ses->serverNOS[1 +
2938                                                               (2 * len)] = 0;
2939                                                remaining_words -= len + 1;
2940                                                if (remaining_words > 0) {
2941                                                        len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2942                                /* last string not always null terminated
2943                                   (for e.g. for Windows XP & 2000) */
2944                                                        kfree(ses->serverDomain);
2945                                                        ses->serverDomain =
2946                                                            kzalloc(2 *