2017-04-23 09:28:15

by Pan Bian

[permalink] [raw]
Subject: [PATCH 1/1] m5602_s5k83a: check return value of kthread_create

From: Pan Bian <[email protected]>

Function kthread_create() returns an ERR_PTR on error. However, in
function s5k83a_start(), its return value is used without validation.
This may result in a bad memory access bug. This patch fixes the bug.

Signed-off-by: Pan Bian <[email protected]>
---
drivers/media/usb/gspca/m5602/m5602_s5k83a.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/drivers/media/usb/gspca/m5602/m5602_s5k83a.c b/drivers/media/usb/gspca/m5602/m5602_s5k83a.c
index be5e25d1..6ad8d48 100644
--- a/drivers/media/usb/gspca/m5602/m5602_s5k83a.c
+++ b/drivers/media/usb/gspca/m5602/m5602_s5k83a.c
@@ -345,6 +345,11 @@ int s5k83a_start(struct sd *sd)
to assume that there is no better way of accomplishing this */
sd->rotation_thread = kthread_create(rotation_thread_function,
sd, "rotation thread");
+ if (IS_ERR(sd->rotation_thread)) {
+ err = PTR_ERR(sd->rotation_thread);
+ sd->rotation_thread = NULL;
+ return err;
+ }
wake_up_process(sd->rotation_thread);

/* Preinit the sensor */
--
1.9.1