NULL Pointer Dereference Question
hi,
coverity reports a lot of REVERSE_INULL bugs of the following type
( example from drivers/char/synclink.c )
----snip---8<----
2039 static void mgsl_put_char(struct tty_struct *tty, unsigned char ch)
2040 {
       Event deref_ptr: Directly dereferenced pointer "tty"
       Also see events: [check_after_deref]
2041     struct mgsl_struct *info = (struct mgsl_struct *)tty->driver_data;
2042     unsigned long flags;
2043
       At conditional (1): "debug_level >= 3" taking true path
2044     if ( debug_level >= DEBUG_LEVEL_INFO ) {
2045         printk( "%s(%d):mgsl_put_char(%d) on %s\n",
2046             __FILE__,__LINE__,ch,info->device_name);
2047     }
2048
       At conditional (2): "mgsl_paranoia_check != 0" taking false path
2049     if (mgsl_paranoia_check(info, tty->name, "mgsl_put_char"))
2050         return;
2051
       Event check_after_deref: Pointer "tty" dereferenced before NULL check
       Also see events: [deref_ptr]
2052     if (!tty || !info->xmit_buf)
2053         return;
-----snap--8<---
Are these really an issue? We just read from strange memory locations,
but never write to them as far as I can see. In userspace, reading
from address 0 usually segfaults, but I was unable to produce an
oops or bug with a kernel module by doing so. But maybe there are
architectures where we can't read from every memory location, and stuff
like this should be fixed in one way or another.
Thanks for pointers
Eric
--
www.cobra-basket.de -- just my stuff
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
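The ordering Coverity flags, reduced to a userspace example that is added here and is not code from synclink.c: the two structs are constructed stand-ins for the kernel's, and the functions return a status so the behaviour can be checked. The point of the report is that once `tty->driver_data` has been read, the later `!tty` test protects nothing, and a compiler that assumes dereferenced pointers are non-NULL (GCC's -fdelete-null-pointer-checks; the kernel builds with -fno-delete-null-pointer-checks for this reason) may delete it outright.

```c
/* Added example, not the kernel's synclink.c: minimal stand-ins for the
 * kernel structures so the check ordering can be exercised in userspace. */
#include <stddef.h>

struct mgsl_struct {
    char device_name[16];
    unsigned char *xmit_buf;    /* NULL until the port is opened */
    unsigned char last_char;
};

struct tty_struct {
    void *driver_data;          /* points at the mgsl_struct, or NULL */
    char name[16];
};

/* The ordering Coverity reports as REVERSE_INULL: tty->driver_data is
 * read on the first line, so the "!tty" test runs only after the
 * dereference it was meant to guard. Calling this with tty == NULL
 * reads through a NULL pointer before any check can stop it. */
static int put_char_deref_first(struct tty_struct *tty, unsigned char ch)
{
    struct mgsl_struct *info = (struct mgsl_struct *)tty->driver_data;

    if (!tty || !info->xmit_buf)
        return -1;
    info->last_char = ch;
    return 0;
}

/* Hardened ordering: validate tty, then the driver_data it carries,
 * before either is dereferenced. The NULL test is now reached while it
 * is still useful and cannot be optimised away as redundant. */
static int put_char_check_first(struct tty_struct *tty, unsigned char ch)
{
    struct mgsl_struct *info;

    if (!tty)
        return -1;
    info = (struct mgsl_struct *)tty->driver_data;
    if (!info || !info->xmit_buf)
        return -1;
    info->last_char = ch;
    return 0;
}
```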