[PATCH] staging: media: davinci_vpfe: fix a potential null pointer dereference on vpfe_ipipe_init

wen yang yellowriver2010 at hotmail.com
Sat Nov 24 16:31:50 UTC 2018


From: Wen Yang <wen.yang99 at zte.com.cn>

This patch fixes a possible null pointer dereference in
do_load, detected by the semantic patch
deref_null.cocci, with the following warning:

drivers/staging/media/davinci_vpfe/dm365_ipipe.c:1846:25-30: ERROR: res is
NULL but dereferenced.

The following code has potential null pointer references:
1808         res = platform_get_resource(pdev, IORESOURCE_MEM, 6);
1809         if (!res)
1810                 goto error_unmap;
...
1843 error_unmap:
1844         iounmap(ipipe->base_addr);
1845 error_release:
1846         release_mem_region(res->start, res_len);

Signed-off-by: Wen Yang <wen.yang99 at zte.com.cn>
CC: Julia Lawall <julia.lawall at lip6.fr>
CC: devel at driverdev.osuosl.org
CC: Mauro Carvalho Chehab <mchehab at kernel.org>
CC: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
CC: linux-kernel at vger.kernel.org
CC: linux-media at vger.kernel.org
---
 drivers/staging/media/davinci_vpfe/dm365_ipipe.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/media/davinci_vpfe/dm365_ipipe.c b/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
index 6a3434c..8d2d3f8 100644
--- a/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
+++ b/drivers/staging/media/davinci_vpfe/dm365_ipipe.c
@@ -1791,7 +1791,7 @@ vpfe_ipipe_init(struct vpfe_ipipe_device *ipipe, struct platform_device *pdev)
 	struct v4l2_subdev *sd = &ipipe->subdev;
 	struct media_entity *me = &sd->entity;
 	static resource_size_t  res_len;
-	struct resource *res;
+	struct resource *res, *res2;
 
 	res = platform_get_resource(pdev, IORESOURCE_MEM, 4);
 	if (!res)
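Review bot: in the declaration `struct resource *res, *res2;` the new pointer's name does not say which memory region it holds. Since `res` now has to stay valid for the error path, names tied to the resource being looked up (index 4 for the first lookup shown here) would make it clearer which pointer the cleanup code may use. Separately, the changelog says the dereference is in do_load, while the subject line and this hunk header both name vpfe_ipipe_init; the changelog should name the same function.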
@@ -1805,10 +1805,10 @@ vpfe_ipipe_init(struct vpfe_ipipe_device *ipipe, struct platform_device *pdev)
 	if (!ipipe->base_addr)
 		goto error_release;
 
-	res = platform_get_resource(pdev, IORESOURCE_MEM, 6);
-	if (!res)
+	res2 = platform_get_resource(pdev, IORESOURCE_MEM, 6);
+	if (!res2)
 		goto error_unmap;
-	ipipe->isp5_base_addr = ioremap_nocache(res->start, res_len);
+	ipipe->isp5_base_addr = ioremap_nocache(res2->start, res_len);
 	if (!ipipe->isp5_base_addr)
 		goto error_unmap;
 
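Review bot: in `ioremap_nocache(res2->start, res_len)` the start address now comes from resource 6, but the length is still `res_len`, which the changelog excerpt shows paired with `res->start` in release_mem_region(). Nothing in the visible lines recomputes res_len for the second resource. If the two regions can differ in size, this mapping should use resource_size(res2) instead. With `res` no longer overwritten, the `goto error_unmap` taken when `res2` is NULL reaches release_mem_region() with a valid `res`, which is what the Coccinelle warning asked for.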
-- 
2.7.4


