[PATCH] staging: media: davinci_vpfe: fix a potential null pointer dereference on vpfe_ipipe_init
wen yang
yellowriver2010 at hotmail.com
Sat Nov 24 16:31:50 UTC 2018
From: Wen Yang <wen.yang99 at zte.com.cn>
This patch fixes a possible null pointer dereference in
do_load, detected by the semantic patch
deref_null.cocci, with the following warning:
drivers/staging/media/davinci_vpfe/dm365_ipipe.c:1846:25-30: ERROR: res is
NULL but dereferenced.
The following code has potential null pointer references:
1808 res = platform_get_resource(pdev, IORESOURCE_MEM, 6);
1809 if (!res)
1810 goto error_unmap;
...
1843 error_unmap:
1844 iounmap(ipipe->base_addr);
1845 error_release:
1846 release_mem_region(res->start, res_len);
Signed-off-by: Wen Yang <wen.yang99 at zte.com.cn>
CC: Julia Lawall <julia.lawall at lip6.fr>
CC: devel at driverdev.osuosl.org
CC: Mauro Carvalho Chehab <mchehab at kernel.org>
CC: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
CC: linux-kernel at vger.kernel.org
CC: linux-media at vger.kernel.org
---
drivers/staging/media/davinci_vpfe/dm365_ipipe.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/media/davinci_vpfe/dm365_ipipe.c b/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
index 6a3434c..8d2d3f8 100644
--- a/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
+++ b/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
@@ -1791,7 +1791,7 @@ vpfe_ipipe_init(struct vpfe_ipipe_device *ipipe, struct platform_device *pdev)
struct v4l2_subdev *sd = &ipipe->subdev;
struct media_entity *me = &sd->entity;
static resource_size_t res_len;
- struct resource *res;
+ struct resource *res, *res2;
res = platform_get_resource(pdev, IORESOURCE_MEM, 4);
if (!res)
@@ -1805,10 +1805,10 @@ vpfe_ipipe_init(struct vpfe_ipipe_device *ipipe, struct platform_device *pdev)
if (!ipipe->base_addr)
goto error_release;
- res = platform_get_resource(pdev, IORESOURCE_MEM, 6);
- if (!res)
+ res2 = platform_get_resource(pdev, IORESOURCE_MEM, 6);
+ if (!res2)
goto error_unmap;
- ipipe->isp5_base_addr = ioremap_nocache(res->start, res_len);
+ ipipe->isp5_base_addr = ioremap_nocache(res2->start, res_len);
if (!ipipe->isp5_base_addr)
goto error_unmap;
--
2.7.4
More information about the devel
mailing list