summaryrefslogtreecommitdiffstats
path: root/drivers/char
diff options
context:
space:
mode:
authorJia-Ju Bai <baijiaju1990@gmail.com>2019-07-24 11:04:26 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-07-25 13:21:15 +0200
commit7bdd9695970eb8cd5b987e08f99cb8f0c84f30fd (patch)
treebfa33fca2a670b52ce2cff43f73c4474eed44b04 /drivers/char
parentintel_th: msu: Preserve pre-existing buffer configuration (diff)
downloadlinux-7bdd9695970eb8cd5b987e08f99cb8f0c84f30fd.tar.xz
linux-7bdd9695970eb8cd5b987e08f99cb8f0c84f30fd.zip
char: ppdev: Fix a possible null-pointer dereference in pp_release()
In pp_release(), there is an if statement on line 730 to check whether pp->pdev is NULL: else if ((pp->flags & PP_CLAIMED) && pp->pdev && ...) When pp->pdev is NULL, it is used on line 743: info = &pp->pdev->port->ieee1284; and on line 748: parport_release(pp->pdev); Thus, a possible null-pointer dereference may occur. To fix this bug, pp->pdev is checked on line 740. This bug is found by a static analysis tool STCheck written by us. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Link: https://lore.kernel.org/r/20190724090426.1401-1-baijiaju1990@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/char')
-rw-r--r--drivers/char/ppdev.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index f0a8adca1eee..c86f18aa8985 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -737,7 +737,7 @@ static int pp_release(struct inode *inode, struct file *file)
"negotiated back to compatibility mode because user-space forgot\n");
}
- if (pp->flags & PP_CLAIMED) {
+ if ((pp->flags & PP_CLAIMED) && pp->pdev) {
struct ieee1284_info *info;
info = &pp->pdev->port->ieee1284;