diff options
author | Eugeniu Rosca <erosca@de.adit-jv.com> | 2017-08-13 12:06:29 +0200 |
---|---|---|
committer | Mauro Carvalho Chehab <mchehab@s-opensource.com> | 2017-08-27 12:58:19 +0200 |
commit | 87e9201108b7d63cc4a50faca3baad48c4ec99f8 (patch) | |
tree | e222d2464c953c2adecc075fe9b7fc6b86a1ecf0 | |
parent | media: au0828: fix unbalanced lock/unlock in au0828_usb_probe (diff) | |
download | linux-87e9201108b7d63cc4a50faca3baad48c4ec99f8.tar.xz linux-87e9201108b7d63cc4a50faca3baad48c4ec99f8.zip |
media: mxl111sf: Fix potential null pointer dereference
Reviewing the delta between cppcheck output of v4.9.39 and v4.9.40
stable updates, I stumbled on the new warning:
mxl111sf.c:80: (warning) Possible null pointer dereference: rbuf
Since copying state->rcvbuf into rbuf is not needed in the 'write-only'
scenario (i.e. calling mxl111sf_ctrl_msg() from mxl111sf_i2c_send_data()
or from mxl111sf_write_reg()), bypass memcpy() in this case.
Fixes: d90b336f3f65 ("[media] mxl111sf: Fix driver to use heap allocate buffers for USB messages")
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Michael Ira Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-rw-r--r-- | drivers/media/usb/dvb-usb-v2/mxl111sf.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/media/usb/dvb-usb-v2/mxl111sf.c b/drivers/media/usb/dvb-usb-v2/mxl111sf.c index b0d5904a4ea6..67953360fda5 100644 --- a/drivers/media/usb/dvb-usb-v2/mxl111sf.c +++ b/drivers/media/usb/dvb-usb-v2/mxl111sf.c @@ -77,7 +77,9 @@ int mxl111sf_ctrl_msg(struct mxl111sf_state *state, dvb_usbv2_generic_rw(d, state->sndbuf, 1+wlen, state->rcvbuf, rlen); - memcpy(rbuf, state->rcvbuf, rlen); + if (rbuf) + memcpy(rbuf, state->rcvbuf, rlen); + mutex_unlock(&state->msg_lock); mxl_fail(ret); |