diff mbox series

dma-buf/udmabuf: Fix NULL pointer dereference in udmabuf_create

Message ID 20180904190749.GA9308@embeddedor.com (mailing list archive)
State New, archived
Headers show
Series dma-buf/udmabuf: Fix NULL pointer dereference in udmabuf_create | expand

Commit Message

Gustavo A. R. Silva Sept. 4, 2018, 7:07 p.m. UTC 
There is a potential execution path in which pointer memfd is NULL when
passed as argument to fput(), hence there is a NULL pointer dereference
in fput().

Fix this by null checking *memfd* before calling fput().

Addresses-Coverity-ID: 1473174 ("Explicit null dereferenced")
Fixes: fbb0de795078 ("Add udmabuf misc device")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
 drivers/dma-buf/udmabuf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Gerd Hoffmann Sept. 5, 2018, 6:34 a.m. UTC | #1 
On Tue, Sep 04, 2018 at 02:07:49PM -0500, Gustavo A. R. Silva wrote:
> There is a potential execution path in which pointer memfd is NULL when
> passed as argument to fput(), hence there is a NULL pointer dereference
> in fput().
> 
> Fix this by null checking *memfd* before calling fput().
> 
> Addresses-Coverity-ID: 1473174 ("Explicit null dereferenced")
> Fixes: fbb0de795078 ("Add udmabuf misc device")
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>

Pushed to drm-misc-next.

thanks,
  Gerd
diff mbox series

Patch

diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
index 8e24204..2e85022 100644
--- a/drivers/dma-buf/udmabuf.c
+++ b/drivers/dma-buf/udmabuf.c
@@ -194,7 +194,8 @@  static long udmabuf_create(struct udmabuf_create_list *head,
 	while (pgbuf > 0)
 		put_page(ubuf->pages[--pgbuf]);
 err_free_ubuf:
-	fput(memfd);
+	if (memfd)
+		fput(memfd);
 	kfree(ubuf->pages);
 	kfree(ubuf);
 	return ret;