aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIan Abbott <abbotti@mev.co.uk>2013-08-20 11:50:19 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-12-20 07:34:21 -0800
commit70a9deaa57ee1572c95dce7ec1991bf018728f3a (patch)
tree5669b2acfc49a092d39eb154fb7e2ac53ed43911
parente71859894bfd0ceaf65e98bf287478242d17a9ec (diff)
downloadlinux-linaro-stable-70a9deaa57ee1572c95dce7ec1991bf018728f3a.tar.gz
staging: comedi: pcmuio: fix possible NULL deref on detach
commit 2fd2bdfccae61efe18f6b92b6a45fbf936d75b48 upstream. pcmuio_detach() is called by the comedi core even if pcmuio_attach() returned an error, so `dev->private` might be `NULL`. Check for that before dereferencing it. Also, as pointed out by Dan Carpenter, there is no need to check the pointer passed to `kfree()` is non-NULL, so remove that check. Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/staging/comedi/drivers/pcmuio.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/drivers/staging/comedi/drivers/pcmuio.c b/drivers/staging/comedi/drivers/pcmuio.c
index 661ba2e03892..6e936c54f113 100644
--- a/drivers/staging/comedi/drivers/pcmuio.c
+++ b/drivers/staging/comedi/drivers/pcmuio.c
@@ -464,13 +464,13 @@ static int pcmuio_detach(struct comedi_device *dev)
if (dev->iobase)
release_region(dev->iobase, ASIC_IOSIZE * thisboard->num_asics);
- for (i = 0; i < MAX_ASICS; ++i) {
- if (devpriv->asics[i].irq)
- free_irq(devpriv->asics[i].irq, dev);
- }
-
- if (devpriv && devpriv->sprivs)
+ if (devpriv) {
+ for (i = 0; i < MAX_ASICS; ++i) {
+ if (devpriv->asics[i].irq)
+ free_irq(devpriv->asics[i].irq, dev);
+ }
kfree(devpriv->sprivs);
+ }
return 0;
}