rionet: NULL pointer dereference

From: Jesper Juhl
Date: Thu Jun 16 2011 - 18:15:42 EST


Just noticed that drivers/net/rionet.c::rionet_remove() can cause a NULL
deref when it calls unregister_netdev().
It initializes local variable 'ndev' to NULL and nothing changes this
before the call to unregister_netdev(ndev) - that functions then calls:
unregister_netdevice > unregister_netdevice_queue > list_move_tail >
__list_del_entry which dereferences the pointer (which, being NULL, will
end in tears).

I won't claim to know this code nor what the proper fix is; just thought
i'd report it so someone else with more knowledge of this could perhaps
come up with a fix.

Have a nice day.

Jesper Juhl <jj@xxxxxxxxxxxxx>
Don't top-post
Plain text mails only, please.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at