at line 190, if nports == 0, 'hub' will be NULL at line 334, and 'if (hub->ports)' will be a NULL dereference.
found by Amit Kulkarni using clang. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org Index: uhub.c =================================================================== RCS file: /cvs/src/sys/dev/usb/uhub.c,v retrieving revision 1.57 diff -u -p uhub.c --- uhub.c 25 Jan 2011 20:03:36 -0000 1.57 +++ uhub.c 18 Feb 2011 03:33:57 -0000 @@ -331,10 +331,11 @@ uhub_attach(struct device *parent, struct device *self bad: if (sc->sc_statusbuf) free(sc->sc_statusbuf, M_USBDEV); - if (hub->ports) - free(hub->ports, M_USBDEV); - if (hub) + if (hub) { + if (hub->ports) + free(hub->ports, M_USBDEV); free(hub, M_USBDEV); + } dev->hub = NULL; }
