| Message ID | 20190729020849.17971-1-baijiaju1990@gmail.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 39c71a5b8212f4b502d9a630c6706ac723abd422 |
| Headers | show |
| Series | dma: stm32-mdma: Fix a possible null-pointer dereference in stm32_mdma_irq_handler() | expand |
On 29-07-19, 10:08, Jia-Ju Bai wrote: > In stm32_mdma_irq_handler(), chan is checked on line 1368. > When chan is NULL, it is still used on line 1369: > dev_err(chan2dev(chan), "MDMA channel not initialized\n"); > > Thus, a possible null-pointer dereference may occur. > > To fix this bug, "dev_dbg(mdma2dev(dmadev), ...)" is used instead. Applied after changing subsystem name in patch title to dmaengine: ..., Also while fixing it helps to add Fixes tag, have added Thanks
diff --git a/drivers/dma/stm32-mdma.c b/drivers/dma/stm32-mdma.c index d6e919d3936a..1311de74bfdd 100644 --- a/drivers/dma/stm32-mdma.c +++ b/drivers/dma/stm32-mdma.c @@ -1366,7 +1366,7 @@ static irqreturn_t stm32_mdma_irq_handler(int irq, void *devid) chan = &dmadev->chan[id]; if (!chan) { - dev_err(chan2dev(chan), "MDMA channel not initialized\n"); + dev_dbg(mdma2dev(dmadev), "MDMA channel not initialized\n"); goto exit; }
In stm32_mdma_irq_handler(), chan is checked on line 1368. When chan is NULL, it is still used on line 1369: dev_err(chan2dev(chan), "MDMA channel not initialized\n"); Thus, a possible null-pointer dereference may occur. To fix this bug, "dev_dbg(mdma2dev(dmadev), ...)" is used instead. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> --- drivers/dma/stm32-mdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)