diff mbox

ASoC: Intel: Skylake: fix dereference before NULL check on ebus

Message ID 20170419121613.12353-1-colin.king@canonical.com (mailing list archive)
State New, archived
Headers show

Commit Message

Colin King April 19, 2017, 12:16 p.m. UTC 
From: Colin Ian King <colin.king@canonical.com>

ebus is being NULL checked however it is being dereferenced
earlier on the assignment bus = ebus_to_hbus(ebus).  Fix this
by moving the assignment to after the NULL check on ebus to
avoid a NULL pointer dereference error.

Fixes: c5a76a246989c8 ("ASoC: Intel: Skylake: Add shutdown callback")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 sound/soc/intel/skylake/skl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Dan Carpenter April 19, 2017, 1:32 p.m. UTC | #1 
On Wed, Apr 19, 2017 at 01:16:13PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> ebus is being NULL checked however it is being dereferenced
> earlier on the assignment bus = ebus_to_hbus(ebus).  Fix this
> by moving the assignment to after the NULL check on ebus to
> avoid a NULL pointer dereference error.
> 

ebus_to_hbus() doesn't dereference "ebus" it just uses it for pointer
math.

#define ebus_to_hbus(ebus)      (&(ebus)->bus)

If you pass a NULL to there, it returns an offset starting from NULL but
it doesn't Oops.

regards,
dan carpenter
Colin King April 19, 2017, 1:34 p.m. UTC | #2 
On 19/04/17 14:32, Dan Carpenter wrote:
> On Wed, Apr 19, 2017 at 01:16:13PM +0100, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> ebus is being NULL checked however it is being dereferenced
>> earlier on the assignment bus = ebus_to_hbus(ebus).  Fix this
>> by moving the assignment to after the NULL check on ebus to
>> avoid a NULL pointer dereference error.
>>
> 
> ebus_to_hbus() doesn't dereference "ebus" it just uses it for pointer
> math.
> 
> #define ebus_to_hbus(ebus)      (&(ebus)->bus)
> 
> If you pass a NULL to there, it returns an offset starting from NULL but
> it doesn't Oops.

Doh, brown paper bag moment for me.

> 
> regards,
> dan carpenter
> 
>
diff mbox

Patch

diff --git a/sound/soc/intel/skylake/skl.c b/sound/soc/intel/skylake/skl.c
index 0c57d4eaae3a..21369f60fbaa 100644
--- a/sound/soc/intel/skylake/skl.c
+++ b/sound/soc/intel/skylake/skl.c
@@ -818,7 +818,7 @@  static int skl_probe(struct pci_dev *pci,
 static void skl_shutdown(struct pci_dev *pci)
 {
 	struct hdac_ext_bus *ebus = pci_get_drvdata(pci);
-	struct hdac_bus *bus = ebus_to_hbus(ebus);
+	struct hdac_bus *bus;
 	struct hdac_stream *s;
 	struct hdac_ext_stream *stream;
 	struct skl *skl;
@@ -826,6 +826,7 @@  static void skl_shutdown(struct pci_dev *pci)
 	if (ebus == NULL)
 		return;
 
+	bus = ebus_to_hbus(ebus);
 	skl = ebus_to_skl(ebus);
 
 	if (skl->init_failed)