tipc: fix dereference before check warning

This fixes the following Smatch warning: net/tipc/link.c:2364 tipc_link_recv_fragment() warn: variable dereferenced before check '*head' (see line 2361) A null pointer might be passed to skb_try_coalesce if a malicious sender injects orphan fragments on a link. Signed-off-by: Erik Hugne <erik.hugne@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Erik Hugne <erik.hugne@ericsson.com> 2013-11-13 03:35:11 -0500
committer: David S. Miller <davem@davemloft.net> 2013-11-15 03:11:06 -0500
commit: 3db0a197ed86317ab2915bc8bddb91807b0f0e96 (patch)
tree: c9209a27ba6e8a40665f0a509685854ceba3d63c /net/tipc/link.c
parent: c9e9042994d37cbc1ee538c500e9da1bb9d1bcdf (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/tipc/link.c b/net/tipc/link.c
index cf465d66ccde..69cd9bf3f561 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -2358,7 +2358,8 @@ int tipc_link_recv_fragment(struct sk_buff **head, struct sk_buff **tail,
                *head = frag;
                skb_frag_list_init(*head);
                return 0;
-        } else if (skb_try_coalesce(*head, frag, &headstolen, &delta)) {
+        } else if (*head &&
+                   skb_try_coalesce(*head, frag, &headstolen, &delta)) {
                kfree_skb_partial(frag, headstolen);
        } else {
                if (!*head)
author	Erik Hugne <erik.hugne@ericsson.com>	2013-11-13 03:35:11 -0500
committer	David S. Miller <davem@davemloft.net>	2013-11-15 03:11:06 -0500
commit	3db0a197ed86317ab2915bc8bddb91807b0f0e96 (patch)
tree	c9209a27ba6e8a40665f0a509685854ceba3d63c /net/tipc/link.c
parent	c9e9042994d37cbc1ee538c500e9da1bb9d1bcdf (diff)