[PATCH] char: tpm: fix potential null pointer dereference

From: Gustavo A. R. Silva
Date: Tue May 30 2017 - 18:15:29 EST

Next message: Kevin Hilman: "Re: [PATCH] ARM64: dts: meson-gx: Add SPICC nodes"
Previous message: Kevin Hilman: "Re: [PATCH 0/5] ARM64: dts: meson: Add CEC, Ethernet Link and SPI pins nodes"
Next in thread: Jason Gunthorpe: "Re: [PATCH] char: tpm: fix potential null pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

NULL check at line 376: if (!chip) {, implies chip might be NULL.
Function dev_get_drvdata() dereference pointer chip.
Move pointer tmp_dev assignment after the NULL check.

Addresses-Coverity-ID: 1397648
Signed-off-by: Gustavo A. R. Silva <garsilva@xxxxxxxxxxxxxx>
---
drivers/char/tpm/st33zp24/st33zp24.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/char/tpm/st33zp24/st33zp24.c b/drivers/char/tpm/st33zp24/st33zp24.c
index 4d1dc8b..f45e8c7 100644
--- a/drivers/char/tpm/st33zp24/st33zp24.c
+++ b/drivers/char/tpm/st33zp24/st33zp24.c
@@ -367,7 +367,7 @@ static irqreturn_t tpm_ioserirq_handler(int irq, void *dev_id)
static int st33zp24_send(struct tpm_chip *chip, unsigned char *buf,
size_t len)
{
- struct st33zp24_dev *tpm_dev = dev_get_drvdata(&chip->dev);
+ struct st33zp24_dev *tpm_dev;
u32 status, i, size, ordinal;
int burstcnt = 0;
int ret;
@@ -382,6 +382,7 @@ static int st33zp24_send(struct tpm_chip *chip, unsigned char *buf,
if (ret < 0)
return ret;

+ tpm_dev = dev_get_drvdata(&chip->dev);
status = st33zp24_status(chip);
if ((status & TPM_STS_COMMAND_READY) == 0) {
st33zp24_cancel(chip);
--
2.5.0

Next message: Kevin Hilman: "Re: [PATCH] ARM64: dts: meson-gx: Add SPICC nodes"
Previous message: Kevin Hilman: "Re: [PATCH 0/5] ARM64: dts: meson: Add CEC, Ethernet Link and SPI pins nodes"
Next in thread: Jason Gunthorpe: "Re: [PATCH] char: tpm: fix potential null pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]