releases/3.4.75/staging-comedi-pcmuio-fix-possible-null-deref-on-detach.patch

   1 From 2fd2bdfccae61efe18f6b92b6a45fbf936d75b48 Mon Sep 17 00:00:00 2001
   2 From: Ian Abbott <abbotti@mev.co.uk>
   3 Date: Tue, 20 Aug 2013 11:50:19 +0100
   4 Subject: staging: comedi: pcmuio: fix possible NULL deref on detach
   5
   6 From: Ian Abbott <abbotti@mev.co.uk>
   7
   8 commit 2fd2bdfccae61efe18f6b92b6a45fbf936d75b48 upstream.
   9
  10 pcmuio_detach() is called by the comedi core even if pcmuio_attach()
  11 returned an error, so `dev->private` might be `NULL`.  Check for that
  12 before dereferencing it.
  13
  14 Also, as pointed out by Dan Carpenter, there is no need to check the
  15 pointer passed to `kfree()` is non-NULL, so remove that check.
  16
  17 Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
  18 Cc: Dan Carpenter <dan.carpenter@oracle.com>
  19 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20
  21 ---
  22  drivers/staging/comedi/drivers/pcmuio.c |   12 ++++++------
  23  1 file changed, 6 insertions(+), 6 deletions(-)
  24
  25 --- a/drivers/staging/comedi/drivers/pcmuio.c
  26 +++ b/drivers/staging/comedi/drivers/pcmuio.c
  27 @@ -464,13 +464,13 @@ static int pcmuio_detach(struct comedi_d
  28         if (dev->iobase)
  29                 release_region(dev->iobase, ASIC_IOSIZE * thisboard->num_asics);
  30
  31 -       for (i = 0; i < MAX_ASICS; ++i) {
  32 -               if (devpriv->asics[i].irq)
  33 -                       free_irq(devpriv->asics[i].irq, dev);
  34 -       }
  35 -
  36 -       if (devpriv && devpriv->sprivs)
  37 +       if (devpriv) {
  38 +               for (i = 0; i < MAX_ASICS; ++i) {
  39 +                       if (devpriv->asics[i].irq)
  40 +                               free_irq(devpriv->asics[i].irq, dev);
  41 +               }
  42                 kfree(devpriv->sprivs);
  43 +       }
  44
  45         return 0;
  46  }