Showing error 1892

User: Jiri Slaby
Error type: Invalid Pointer Dereference
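Error type description: A pointer which is invalid is being dereferenced. In the excerpt below, line 624 treats `psl` as possibly NULL (`count = psl ? psl->sl_count : 0`), while line 646 reads `psl->sl_addr[i]` without a check. That read is reached only when the loop at line 639 runs, i.e. when `copycount` is positive, and `copycount` is taken from `count` or `gsf->gf_numsrc`, with `count` being 0 when `psl` is NULL. Whether the report is a true positive therefore depends on the types of `count`, `copycount`, `i` and `gsf->gf_numsrc`, which this excerpt does not show. `psl` is also used after `read_unlock_bh()` at line 625; the comment at lines 635-638 states that the socket lock makes this safe, which cannot be confirmed from the excerpt.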
File location: net/ipv6/mcast.c
Line in file: 646
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-11 08:47:26 UTC


Source:

 616                        continue;
 617                if (ipv6_addr_equal(group, &pmc->addr))
 618                        break;
 619        }
 620        if (!pmc)                /* must have a prior join */
 621                goto done;
 622        gsf->gf_fmode = pmc->sfmode;
 623        psl = pmc->sflist;
 624        count = psl ? psl->sl_count : 0;
 625        read_unlock_bh(&idev->lock);
 626        in6_dev_put(idev);
 627        dev_put(dev);
 628
 629        copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc;
 630        gsf->gf_numsrc = count;
 631        if (put_user(GROUP_FILTER_SIZE(copycount), optlen) ||
 632            copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) {
 633                return -EFAULT;
 634        }
 635        /* changes to psl require the socket lock, a read lock on
 636         * on ipv6_sk_mc_lock and a write lock on pmc->sflock. We
 637         * have the socket lock, so reading here is safe.
 638         */
 639        for (i=0; i<copycount; i++) {
 640                struct sockaddr_in6 *psin6;
 641                struct sockaddr_storage ss;
 642
 643                psin6 = (struct sockaddr_in6 *)&ss;
 644                memset(&ss, 0, sizeof(ss));
 645                psin6->sin6_family = AF_INET6;
 646                psin6->sin6_addr = psl->sl_addr[i];
 647                if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss)))
 648                        return -EFAULT;
 649        }
 650        return 0;
 651done:
 652        read_unlock_bh(&idev->lock);
 653        in6_dev_put(idev);
 654        dev_put(dev);
 655        return err;
 656}