From: Wenwen Wang
To: Wenwen Wang
Cc: Kangjie Lu, Mauro Carvalho Chehab, Greg Kroah-Hartman, linux-media@vger.kernel.org (open list:MEDIA INPUT INFRASTRUCTURE (V4L/DVB)), devel@driverdev.osuosl.org (open list:STAGING SUBSYSTEM), linux-kernel@vger.kernel.org (open list)
Subject: [PATCH] media: davinci_vpfe: fix a NULL pointer dereference bug
Date: Thu, 4 Oct 2018 11:00:31 -0500
Message-Id: <1538668833-18372-1-git-send-email-wang6495@umn.edu>
X-Mailer: git-send-email 2.7.4
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

In vpfe_isif_init(), there is a while loop to get the ISIF base address and linearization table0 and table1 address. In the loop body, the function platform_get_resource() is called to get the resource. If platform_get_resource() returns NULL, the loop is terminated and the execution goes to 'fail_nobase_res'.

Suppose the loop is terminated at the first iteration because platform_get_resource() returns NULL and the execution goes to 'fail_nobase_res'. Given that there is another while loop at 'fail_nobase_res' and i equals 0, one iteration of the second while loop will be executed. However, the second while loop does not check the return value of platform_get_resource(). This can cause a NULL pointer dereference bug if the return value is a NULL pointer.

This patch avoids the above issue by adding a check in the second while loop after the call to platform_get_resource().

Signed-off-by: Wenwen Wang

--- drivers/staging/media/davinci_vpfe/dm365_isif.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/staging/media/davinci_vpfe/dm365_isif.c b/drivers/staging/media/davinci_vpfe/dm365_isif.c index 745e33f..b0425a6 100644 --- a/drivers/staging/media/davinci_vpfe/dm365_isif.c +++ b/drivers/staging/media/davinci_vpfe/dm365_isif.c
@@ -2080,7 +2080,8 @@ int vpfe_isif_init(struct vpfe_isif_device *isif, struct platform_device *pdev) while (i >= 0) { res = platform_get_resource(pdev, IORESOURCE_MEM, i); - release_mem_region(res->start, res_len); + if (res) + release_mem_region(res->start, res_len); i--; } return status; -- 2.7.4
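
Review bot: In the cleanup loop at the end of vpfe_isif_init() (hunk at -2080), the new `if (res)` guard stops the dereference, but the loop still starts its unwind at the index whose platform_get_resource() lookup failed, which is the i == 0 case the commit message describes. Consider starting the unwind at the last index that succeeded (for example by decrementing i before entering the loop), so the NULL case cannot arise by construction and the guard is not masking an off-by-one in the error path. Separately, `release_mem_region(res->start, res_len)` reuses a single res_len on every iteration and nothing in this loop recomputes it; taking the length from the resource itself, e.g. resource_size(res), inside the guarded branch would keep the released length matched to each region.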