[PATCH] dma-buf/udmabuf: Fix NULL pointer dereference in udmabuf_create

From: Gustavo A. R. Silva
Date: Tue Sep 04 2018 - 15:07:54 EST


There is a potential execution path in which pointer memfd is NULL when
passed as argument to fput(), hence there is a NULL pointer dereference
in fput().

Fix this by null checking *memfd* before calling fput().

Addresses-Coverity-ID: 1473174 ("Explicit null dereferenced")
Fixes: fbb0de795078 ("Add udmabuf misc device")
Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>
---
drivers/dma-buf/udmabuf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
index 8e24204..2e85022 100644
--- a/drivers/dma-buf/udmabuf.c
+++ b/drivers/dma-buf/udmabuf.c
@@ -194,7 +194,8 @@ static long udmabuf_create(struct udmabuf_create_list *head,
while (pgbuf > 0)
put_page(ubuf->pages[--pgbuf]);
err_free_ubuf:
- fput(memfd);
+ if (memfd)
+ fput(memfd);
kfree(ubuf->pages);
kfree(ubuf);
return ret;
--
2.7.4