tipc: Reduce scope for the variable “fdefq” in tipc_link_tnl_prepare()

The address of a data structure member was determined before
a corresponding null pointer check in the implementation of
the function “tipc_link_tnl_prepare”.

Thus avoid the risk for undefined behaviour by moving the definition
for the local variable “fdefq” into an if branch at the end.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Link: https://patch.msgid.link/08fe8fc3-19c3-4324-8719-0ee74b0f32c9@web.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/tipc/link.c b/net/tipc/link.c
index 5c2088a469cea1adf79bd698bafaadbc984f8806..50c2e0846ea4df02a78a7be270463b20e3a79c86 100644 (file)
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1951,7 +1951,6 @@ void tipc_link_create_dummy_tnl_msg(struct tipc_link *l,
 void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
                           int mtyp, struct sk_buff_head *xmitq)
 {
-       struct sk_buff_head *fdefq = &tnl->failover_deferdq;
        struct sk_buff *skb, *tnlskb;
        struct tipc_msg *hdr, tnlhdr;
        struct sk_buff_head *queue = &l->transmq;
@@ -2078,6 +2077,8 @@ tnl:
        tipc_link_xmit(tnl, &tnlq, xmitq);
 
        if (mtyp == FAILOVER_MSG) {
+               struct sk_buff_head *fdefq = &tnl->failover_deferdq;
+
                tnl->drop_point = l->rcv_nxt;
                tnl->failover_reasm_skb = l->reasm_buf;
                l->reasm_buf = NULL;