From: Johan Hedberg Date: Sat, 6 Sep 2014 03:59:10 +0000 (+0300) Subject: Bluetooth: Fix dereferencing conn variable before NULL check X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c68b7f127d5f517c214e8bcf231d0188f6776d2a;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git Bluetooth: Fix dereferencing conn variable before NULL check This patch fixes the following type of static analyzer warning (and probably a real bug as well as the NULL check should be there for a reason): net/bluetooth/smp.c:1182 smp_conn_security() warn: variable dereferenced before check 'conn' (see line 1174) Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann
---
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 1201670afe38..560f78a9f960 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1210,7 +1210,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
 {
 struct l2cap_conn *conn = hcon->l2cap_data;
- struct l2cap_chan *chan = conn->smp;
+ struct l2cap_chan *chan;
 struct smp_chan *smp;
 __u8 authreq;
 int ret;
@@ -1221,6 +1221,8 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
 if (!conn)
 return 1;
+ chan = conn->smp;
+
 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
 return 1;
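Review bot: In the second hunk, `chan = conn->smp;` is assigned with no visible check that the SMP channel pointer itself is non-NULL, so the fix covers `conn` but not the pointer read from it. The body of smp_conn_security() continues past the hunk, so this is inferred: if the remaining code uses `chan` unconditionally, a connection whose SMP channel is missing or already torn down would hit the same class of NULL dereference this patch removes. Consider adding `if (!chan) return 1;` directly after the assignment, mirroring the existing early exits, or a comment stating why `conn->smp` is always valid once `conn` is. It would also help to document what the return value `1` tells callers on these early-exit paths, since the hunk does not show whether they read it as "security already satisfied".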