]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 028ef9c)
tee: qcomtee: add missing va_end in early return qcomtee_object_user_init()
authorRobertus Diawan Chris <robertusdchris@gmail.com>
Tue, 19 May 2026 02:05:28 +0000 (09:05 +0700)
committerJens Wiklander <jens.wiklander@linaro.org>
Wed, 20 May 2026 07:22:52 +0000 (09:22 +0200)
qcomtee_object_user_init() is a variadic function and when the function
return because there's no dispatch callback in QCOMTEE_OBJECT_TYPE_CB
case, there's no va_end to cleanup "ap" object initialized by va_start
and that can cause undefined behavior. So make sure to use va_end before
returning the error code when there's no dispatch callback.

This is reported by Coverity Scan as "Missing varargs init or cleanup".

Fixes: d6e290837e50 ("tee: add Qualcomm TEE driver")
Signed-off-by: Robertus Diawan Chris <robertusdchris@gmail.com>
Reviewed-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
drivers/tee/qcomtee/core.c patch | blob | blame | history

diff --git a/drivers/tee/qcomtee/core.c b/drivers/tee/qcomtee/core.c
index b1cb50e434f00a4a76e033289450283d7186d341..60fe3b5776e36dac60e9b7fbbbc01e3191ca8e72 100644 (file)
--- a/drivers/tee/qcomtee/core.c
+++ b/drivers/tee/qcomtee/core.c
@@ -306,8 +306,10 @@ int qcomtee_object_user_init(struct qcomtee_object *object,
                break;
        case QCOMTEE_OBJECT_TYPE_CB:
                object->ops = ops;
-               if (!object->ops->dispatch)
-                       return -EINVAL;
+               if (!object->ops->dispatch) {
+                       ret = -EINVAL;
+                       break;
+               }
 
                /* If failed, "no-name". */
                object->name = kvasprintf_const(GFP_KERNEL, fmt, ap);
A mirror of Linus' kernel repository