ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1801

User:	Jiri Slaby
Error type:	Invalid Pointer Dereference
Error type description:	A pointer which is invalid is being dereferenced
File location:	drivers/isdn/hardware/eicon/debug.c
Line in file:	704
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Smatch (1.59)
Entered:	2013-09-11 08:47:26 UTC

Source:

 674
 675  case DLI_LOG :
 676  case DLI_FTL :
 677  case DLI_ERR :
 678  case DLI_TRC :
 679  case DLI_REG :
 680  case DLI_MEM :
 681  case DLI_SPL :
 682  case DLI_IRP :
 683  case DLI_TIM :
 684  case DLI_TAPI:
 685  case DLI_NDIS:
 686  case DLI_CONN:
 687  case DLI_STAT:
 688  case DLI_PRV0:
 689  case DLI_PRV1:
 690  case DLI_PRV2:
 691  case DLI_PRV3:
 692    if ((length = (unsigned long)vsprintf (&fmtBuf[0], format, ap)) > 0) {
 693      length += (sizeof(*pmsg)+1);
 694
 695      while (!(pmsg = (diva_dbg_entry_head_t*)queueAllocMsg (dbg_queue,
 696                                                          (word)length))) {
 697        if ((pmsg = (diva_dbg_entry_head_t*)queuePeekMsg (dbg_queue, &size))) {
 698          queueFreeMsg (dbg_queue);
 699        } else {
 700          break;
 701        }
 702      }
 703
 704      pmsg->sequence    = dbg_sequence++;
 705      pmsg->time_sec    = sec;
 706      pmsg->time_usec   = usec;
 707      pmsg->facility    = MSG_TYPE_STRING;
 708      pmsg->dli         = type; /* DLI_XXX */
 709      pmsg->drv_id      = id;   /* driver MAINT id */
 710      pmsg->di_cpu      = 0;
 711      pmsg->data_length = length - sizeof(*pmsg);
 712
 713      memcpy (&pmsg[1], fmtBuf, pmsg->data_length);
 714                  queueCompleteMsg (pmsg);

Show full sources