Patchwork Fix possible null pointer dereference in davinci_cpdma.c

login
register
mail settings
Submitter Huzaifa Sidhpurwala
Date March 14, 2011, 8:39 a.m.
Message ID <1300091954-10367-1-git-send-email-huzaifas@redhat.com>
Download mbox | patch
Permalink /patch/86686/
State Changes Requested
Delegated to: David Miller
Headers show

Comments

Huzaifa Sidhpurwala - March 14, 2011, 8:39 a.m.
From: Huzaifa Sidhpurwala <huzaifas@redhat.com>

Check if chan exists before dereferencing it

Signed-off-by: Huzaifa Sidhpurwala <huzaifas@redhat.com>
---
 drivers/net/davinci_cpdma.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
David Miller - March 14, 2011, 10:36 p.m.
From: huzaifas@redhat.com
Date: Mon, 14 Mar 2011 14:09:14 +0530

> From: Huzaifa Sidhpurwala <huzaifas@redhat.com>
> 
> Check if chan exists before dereferencing it
> 
> Signed-off-by: Huzaifa Sidhpurwala <huzaifas@redhat.com>

Just like your EHEA driver patch, this situation is such that
cpdma_chan_destroy() is never called with a NULL "chan" argument.

Therefore it's better to simply remove the NULL check.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/net/davinci_cpdma.c b/drivers/net/davinci_cpdma.c
index e92b2b6..09620a6 100644
--- a/drivers/net/davinci_cpdma.c
+++ b/drivers/net/davinci_cpdma.c
@@ -526,12 +526,13 @@  err_chan_alloc:
 
 int cpdma_chan_destroy(struct cpdma_chan *chan)
 {
-	struct cpdma_ctlr *ctlr = chan->ctlr;
+	struct cpdma_ctlr *ctlr;
 	unsigned long flags;
 
 	if (!chan)
 		return -EINVAL;
 
+	ctrl = chan->ctrl;
 	spin_lock_irqsave(&ctlr->lock, flags);
 	if (chan->state != CPDMA_STATE_IDLE)
 		cpdma_chan_stop(chan);