If the NULL test on h is needed in snd_harmony_mixer_init, then the
dereference should be after the NULL test.
Actually, there is a sequence of calls: snd_harmony_create, then
snd_harmony_pcm_init, and then snd_harmony_mixer_init. snd_harmony_create
initializes h, but may indeed leave it as NULL. There was no NULL test at
the beginning of snd_harmony_pcm_init, so I have added one. The NULL test
in snd_harmony_mixer_init is then not necessary, but in case the ordering
of the calls changes, I have left it, and moved the dereference after it.
A simplified version of the semantic match that detects this problem is as
follows (http://coccinelle.lip6.fr/):
// <smpl>
@match exists@
expression x, E;
identifier fld;
@@
* x->fld
... when != \(x = E\|&x\)
* x == NULL
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
struct snd_pcm *pcm;
int err;
+ if (snd_BUG_ON(!h))
+ return -EINVAL;
+
harmony_disable_interrupts(h);
err = snd_pcm_new(h->card, "harmony", 0, 1, 1, &pcm);
static int __devinit
snd_harmony_mixer_init(struct snd_harmony *h)
{
- struct snd_card *card = h->card;
+ struct snd_card *card;
int idx, err;
if (snd_BUG_ON(!h))
return -EINVAL;
+ card = h->card;
strcpy(card->mixername, "Harmony Gain control interface");
for (idx = 0; idx < HARMONY_CONTROLS; idx++) {