Report from smatch:
slirp/tcp_subr.c:127 tcp_respond(17) error:
 we previously assumed 'tp' could be null (see line 124)

Fix this by checking 'tp' before reading its elements.

The type casts of pointers to long are not related to the smatch report
but happened to be near that code. Those type casts are not allowed
when sizeof(pointer) != sizeof(long).

Signed-off-by: Stefan Weil <s...@weilnetz.de>
---

Coding style was not fixed by the patch!

 slirp/tcp_subr.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 025b374..5f3214c 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -114,9 +114,9 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct 
mbuf *m,
        int win = 0;
 
        DEBUG_CALL("tcp_respond");
-       DEBUG_ARG("tp = %lx", (long)tp);
-       DEBUG_ARG("ti = %lx", (long)ti);
-       DEBUG_ARG("m = %lx", (long)m);
+       DEBUG_ARG("tp = %p", tp);
+       DEBUG_ARG("ti = %p", ti);
+       DEBUG_ARG("m = %p", m);
        DEBUG_ARG("ack = %u", ack);
        DEBUG_ARG("seq = %u", seq);
        DEBUG_ARG("flags = %x", flags);
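Review bot: `%p` is specified for `void *`, so passing `struct tcpcb *`, `struct tcpiphdr *` and `struct mbuf *` straight to it on the three replaced DEBUG_ARG lines is still a format/argument mismatch in strict C, even though it works on the usual flat-pointer ABIs. Since the commit's stated goal is to get rid of the non-portable `(long)` casts, it would be consistent to write `DEBUG_ARG("tp = %p", (void *)tp);` and likewise for `ti` and `m`. Whether DEBUG_ARG forwards its arguments to a printf-style function cannot be seen from the hunk; if it does, `-Wformat-pedantic` would flag the current form. tcp_respond begins before this hunk.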
@@ -124,7 +124,7 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct 
mbuf *m,
        if (tp)
                win = sbspace(&tp->t_socket->so_rcv);
         if (m == NULL) {
-               if ((m = m_get(tp->t_socket->slirp)) == NULL)
+               if (tp && (m = m_get(tp->t_socket->slirp)) == NULL)
                        return;
                tlen = 0;
                m->m_data += IF_MAXLINKHDR;
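Review bot: The new guard `if (tp && (m = m_get(tp->t_socket->slirp)) == NULL)` only moves the NULL dereference: when `tp` is NULL and `m` is NULL, the condition is false, the function does not return, and the next statements reach `m->m_data += IF_MAXLINKHDR;` with `m` still NULL. The intent appears to be to bail out in that case, which is what the original `return` did for an allocation failure, so the check should return on a missing `tp` as well: `if (tp == NULL || (m = m_get(tp->t_socket->slirp)) == NULL)` followed by the unchanged `return;`. Whether a caller can actually pass `tp == NULL` together with `m == NULL` is not visible here, but smatch's report on line 124 is exactly about that path being assumed reachable. tcp_respond starts before this hunk and continues after it.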
-- 
1.7.10

