Showing error 1905

User: Jiri Slaby
Error type: Invalid Pointer Dereference
Error type description: A pointer which is invalid is being dereferenced
File location: net/802/garp.c
Line in file: 291
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-11 08:47:26 UTC

Source: 

261        while ((skb = skb_dequeue(&app->queue)))
262                dev_queue_xmit(skb);
263}
264
265static int garp_pdu_append_msg(struct garp_applicant *app, u8 attrtype)
266{
267        struct garp_msg_hdr *gm;
268
269        if (skb_tailroom(app->pdu) < sizeof(*gm))
270                return -1;
271        gm = (struct garp_msg_hdr *)__skb_put(app->pdu, sizeof(*gm));
272        gm->attrtype = attrtype;
273        garp_cb(app->pdu)->cur_type = attrtype;
274        return 0;
275}
276
277static int garp_pdu_append_attr(struct garp_applicant *app,
278                                const struct garp_attr *attr,
279                                enum garp_attr_event event)
280{
281        struct garp_attr_hdr *ga;
282        unsigned int len;
283        int err;
284again:
285        if (!app->pdu) {
286                err = garp_pdu_init(app);
287                if (err < 0)
288                        return err;
289        }
290
291        if (garp_cb(app->pdu)->cur_type != attr->type) {
292                if (garp_cb(app->pdu)->cur_type &&
293                    garp_pdu_append_end_mark(app) < 0)
294                        goto queue;
295                if (garp_pdu_append_msg(app, attr->type) < 0)
296                        goto queue;
297        }
298
299        len = sizeof(*ga) + attr->dlen;
300        if (skb_tailroom(app->pdu) < len)
301                goto queue;
Show full sources