[PATCH] [media] VPU: mediatek: fix null pointer dereference on pdev

From: Colin King
Date: Wed Sep 07 2016 - 13:12:08 EST

Next message: Andy Shevchenko: "Re: [RFC RESEND] serial: 8250: fix regression in 8250 uart driver"
Previous message: Kees Cook: "[PATCH] usercopy: remove page-spanning test for now"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Colin Ian King <colin.king@xxxxxxxxxxxxx>

pdev is being null checked, however, prior to that it is being
dereferenced by platform_get_drvdata. Move the assignments of
vpu and run to after the pdev null check to avoid a potential
null pointer dereference.

Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
---
drivers/media/platform/mtk-vpu/mtk_vpu.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/mtk-vpu/mtk_vpu.c b/drivers/media/platform/mtk-vpu/mtk_vpu.c
index c9bf58c..43907a3 100644
--- a/drivers/media/platform/mtk-vpu/mtk_vpu.c
+++ b/drivers/media/platform/mtk-vpu/mtk_vpu.c
@@ -523,9 +523,9 @@ static int load_requested_vpu(struct mtk_vpu *vpu,

int vpu_load_firmware(struct platform_device *pdev)
{
- struct mtk_vpu *vpu = platform_get_drvdata(pdev);
+ struct mtk_vpu *vpu;
struct device *dev = &pdev->dev;
- struct vpu_run *run = &vpu->run;
+ struct vpu_run *run;
const struct firmware *vpu_fw = NULL;
int ret;

@@ -534,6 +534,9 @@ int vpu_load_firmware(struct platform_device *pdev)
return -EINVAL;
}

+ vpu = platform_get_drvdata(pdev);
+ run = &vpu->run;
+
mutex_lock(&vpu->vpu_mutex);
if (vpu->fw_loaded) {
mutex_unlock(&vpu->vpu_mutex);
--
2.9.3

Next message: Andy Shevchenko: "Re: [RFC RESEND] serial: 8250: fix regression in 8250 uart driver"
Previous message: Kees Cook: "[PATCH] usercopy: remove page-spanning test for now"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]