Commit 0fc8f274 authored May 27, 2010 by Julia Lawall Committed by Matthew Garrett Aug 03, 2010

drivers/platform/x86: Eliminate a NULL pointer dereference

Give different error messages if device_enum is NULL or if its type field
has the wrong value.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/

)

// <smpl>
@r exists@
expression E,E1;
identifier f;
statement S1,S2,S3;
@@

if ((E == NULL && ...) || ...)
{
  ... when != if (...) S1 else S2
      when != E = E1
* E->f
  ... when any
  return ...;
}
else S3
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Matthew Garrett <mjg@redhat.com>

parent 6d96e00c

drivers/platform/x86/sony-laptop.c

+7 −3

Original line number	Diff line number	Diff line
		@@ -1196,8 +1196,12 @@ static void sony_nc_rfkill_setup(struct acpi_device *device)
		}

		device_enum = (union acpi_object *) buffer.pointer;
		if (!device_enum \|\| device_enum->type != ACPI_TYPE_BUFFER) {
		printk(KERN_ERR "Invalid SN06 return object 0x%.2x\n",
		if (!device_enum) {
		pr_err("Invalid SN06 return object\n");
		goto out_no_enum;
		}
		if (device_enum->type != ACPI_TYPE_BUFFER) {
		pr_err("Invalid SN06 return object type 0x%.2x\n",
		device_enum->type);
		goto out_no_enum;
		}