On Thu, 2017-07-20 at 17:28 -0600, Shaobo wrote: > My name is Shaobo He and I am a graduate student at University of Utah. > I am using a static analysis tool to search for null pointer > dereferences and came across a couple of potentially invalid memory > accesses in the file drivers/message/fusion/mptbase.c: in function > `mpt_turbo_reply`, variable `mf` is initialized to NULL. If the case > `MPI_CONTEXT_REPLY_TYPE_SCSI_TARGET` is taken, then `mf` is not updated > to a non-NULL value and then may get dereferenced in function > `mpt_free_msg_frame`. However, there are a couple of conditions that can > make the error path infeasible. I was wondering if you could confirm > this.
Hello Shaobo, Which static analysis tool are you using? Is it less or more powerful than Coverity? If it is not more powerful, are you aware that a full Coverity scan of the Linux kernel source code is already available at https://scan.coverity.com/projects/linux? The issue you reported was first detected by Coverity on February 24th, 2006 (more than ten years ago). In the aforementioned database Coverity assigned ID 100124 to that issue. Bart.
