On Mon, Jan 25, 2016 at 7:51 PM, Bernie Harris
<[email protected]> wrote:
> There are cases where qdisc_dequeue_peeked can return NULL, and the result
> is dereferenced later on in the function.
>
> Similarly to the other qdisc dequeue functions, check whether the skb
> pointer is NULL and if it is, goto out.
>
> Signed-off-by: Bernie Harris <[email protected]>
Looks good to me, just one minor thing: an unlikely() can be used for this case.
> ---
> net/sched/sch_drr.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/sched/sch_drr.c b/net/sched/sch_drr.c
> index f26bdea..8086c3d 100644
> --- a/net/sched/sch_drr.c
> +++ b/net/sched/sch_drr.c
> @@ -403,6 +403,8 @@ static struct sk_buff *drr_dequeue(struct Qdisc *sch)
> if (len <= cl->deficit) {
> cl->deficit -= len;
> skb = qdisc_dequeue_peeked(cl->qdisc);
> + if (skb == NULL)
> + goto out;
> if (cl->qdisc->q.qlen == 0)
> list_del(&cl->alist);
>
> --
> 2.7.0
>
