[PATCH] staging: greybus: fix fw is NULL but dereferenced.
From: Saurav Girepunje
Date: Sun Jan 26 2020 - 03:32:00 EST
Fix the warning reported by cocci check.
Changes:
In queue_work fw dereference before it actually get assigned.
move queue_work before gb_bootrom_set_timeout.
As gb_bootrom_get_firmware () return NEXT_REQ_READY_TO_BOOT
only when there is no error and offset + size is actually equal
to fw->size. So initialized next_request to NEXT_REQ_GET_FIRMWARE
for return in other case.
Signed-off-by: Saurav Girepunje <saurav.girepunje@xxxxxxxxx>
---
drivers/staging/greybus/bootrom.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/greybus/bootrom.c b/drivers/staging/greybus/bootrom.c
index a8efb86..f54514e 100644
--- a/drivers/staging/greybus/bootrom.c
+++ b/drivers/staging/greybus/bootrom.c
@@ -246,7 +246,7 @@ static int gb_bootrom_get_firmware(struct gb_operation *op)
struct gb_bootrom_get_firmware_response *firmware_response;
struct device *dev = &op->connection->bundle->dev;
unsigned int offset, size;
- enum next_request_type next_request;
+ enum next_request_type next_request = NEXT_REQ_GET_FIRMWARE;
int ret = 0;
/* Disable timeouts */
@@ -296,13 +296,11 @@ static int gb_bootrom_get_firmware(struct gb_operation *op)
unlock:
mutex_unlock(&bootrom->mutex);
-queue_work:
/* Refresh timeout */
if (!ret && (offset + size == fw->size))
next_request = NEXT_REQ_READY_TO_BOOT;
- else
- next_request = NEXT_REQ_GET_FIRMWARE;
+queue_work:
gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS);
return ret;
--
1.9.1