Showing error 1658

User: Jiri Slaby
Error type: Invalid Pointer Dereference
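Error type description: A pointer that is invalid (for example, NULL) is being dereferenced. In the listing below, the kzalloc() result stored in ses->serverDomain (lines 3346-3350) is not checked for NULL before it is passed to cifs_strfromUCS_le() and written through at the flagged line 3361; this unchecked allocation is presumably what the tool reports.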
File location: fs/cifs/connect.c
Line in file: 3361
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-10 07:54:05 UTC


Source:

3331                                                cifs_strfromUCS_le(ses->
3332                                                                   serverNOS,
3333                                                                   (__le16 *)
3334                                                                   bcc_ptr,
3335                                                                   len,
3336                                                                   nls_codepage);
3337                                                bcc_ptr += 2 * (len + 1);
3338                                                ses->serverNOS[2 * len] = 0;
3339                                                ses->serverNOS[1+(2*len)] = 0;
3340                                                remaining_words -= len + 1;
3341                                                if (remaining_words > 0) {
3342                                                        len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3343     /* last string not always null terminated (e.g. for Windows XP & 2000) */
3344                                                        if (ses->serverDomain)
3345                                                                kfree(ses->serverDomain);
3346                                                        ses->serverDomain =
3347                                                            kzalloc(2 *
3348                                                                    (len +
3349                                                                     1),
3350                                                                    GFP_KERNEL);
3351                                                        cifs_strfromUCS_le
3352                                                            (ses->
3353                                                             serverDomain,
3354                                                             (__le16 *)
3355                                                             bcc_ptr, len,
3356                                                             nls_codepage);
3357                                                        bcc_ptr +=
3358                                                            2 * (len + 1);
3359                                                        ses->
3360                                                            serverDomain[2
3361                                                                         * len]
3362                                                            = 0;
3363                                                        ses->
3364                                                            serverDomain[1
3365                                                                         +
3366                                                                         (2
3367                                                                          *
3368                                                                          len)]
3369                                                            = 0;
3370                                                } /* else no more room so create dummy domain string */
3371                                                else {