From acf5df9093fc6223b53f02480ab96fc458cf96ce Mon Sep 17 00:00:00 2001
From: philip <philip@FreeBSD.org>
Date: Mon, 17 Nov 2008 07:09:40 +0000
Subject: [PATCH] Fix two possible (but unlikely) NULL-pointer dereferences in
 glxsb(4).

Spotted by:	Coverity
MFC after:	1 week
---
 sys/dev/glxsb/glxsb.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/sys/dev/glxsb/glxsb.c b/sys/dev/glxsb/glxsb.c
index c521cf5984c7..1af3439bf3ad 100644
--- a/sys/dev/glxsb/glxsb.c
+++ b/sys/dev/glxsb/glxsb.c
@@ -358,7 +358,8 @@ glxsb_detach(device_t dev)
 			return (EBUSY);
 		}
 	}
-	while ((ses = TAILQ_FIRST(&sc->sc_sessions)) != NULL) {
+	while (!TAILQ_EMPTY(&sc->sc_sessions)) {
+		ses = TAILQ_FIRST(&sc->sc_sessions);
 		TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
 		free(ses, M_GLXSB);
 	}
@@ -867,8 +868,11 @@ glxsb_crypto_process(device_t dev, struct cryptop *crp, int hint)
 
 	enccrd = maccrd = NULL;
 
-	if (crp == NULL ||
-	    crp->crp_callback == NULL || crp->crp_desc == NULL) {
+	/* Sanity check. */
+	if (crp == NULL)
+		return (EINVAL);
+
+	if (crp->crp_callback == NULL || crp->crp_desc == NULL) {
 		error = EINVAL;
 		goto fail;
 	}