diff options
author | Jia-Ju Bai <baijiaju1990@gmail.com> | 2019-07-24 11:04:26 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-07-25 13:21:15 +0200 |
commit | 7bdd9695970eb8cd5b987e08f99cb8f0c84f30fd (patch) | |
tree | bfa33fca2a670b52ce2cff43f73c4474eed44b04 /drivers/char | |
parent | intel_th: msu: Preserve pre-existing buffer configuration (diff) | |
download | linux-7bdd9695970eb8cd5b987e08f99cb8f0c84f30fd.tar.xz linux-7bdd9695970eb8cd5b987e08f99cb8f0c84f30fd.zip |
char: ppdev: Fix a possible null-pointer dereference in pp_release()
In pp_release(), there is an if statement on line 730 to check whether
pp->pdev is NULL:
else if ((pp->flags & PP_CLAIMED) && pp->pdev && ...)
When pp->pdev is NULL, it is used on line 743:
info = &pp->pdev->port->ieee1284;
and on line 748:
parport_release(pp->pdev);
Thus, a possible null-pointer dereference may occur.
To fix this bug, pp->pdev is checked on line 740.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20190724090426.1401-1-baijiaju1990@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/char')
-rw-r--r-- | drivers/char/ppdev.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c index f0a8adca1eee..c86f18aa8985 100644 --- a/drivers/char/ppdev.c +++ b/drivers/char/ppdev.c @@ -737,7 +737,7 @@ static int pp_release(struct inode *inode, struct file *file) "negotiated back to compatibility mode because user-space forgot\n"); } - if (pp->flags & PP_CLAIMED) { + if ((pp->flags & PP_CLAIMED) && pp->pdev) { struct ieee1284_info *info; info = &pp->pdev->port->ieee1284; |