[PATCH] platform/x86: android-platform: deref after free in x86_android_tablet_probe() fix

From: Aleksandr Burakov
Date: Mon Sep 23 2024 - 19:06:28 EST


Pointer '&pdevs[i]' is dereferenced in x86_android_tablet_probe()
after the referenced memory was deallocated by calling function
x86_android_tablet_remove().

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 62a5f689a068 ("platform/x86: x86-android-tablets: Move core code into new core.c file")
Signed-off-by: Aleksandr Burakov <a.burakov@xxxxxxxxxxxx>
---
drivers/platform/x86/x86-android-tablets/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/platform/x86/x86-android-tablets/core.c b/drivers/platform/x86/x86-android-tablets/core.c
index 919ef4471229..dea6ba1fd839 100644
--- a/drivers/platform/x86/x86-android-tablets/core.c
+++ b/drivers/platform/x86/x86-android-tablets/core.c
@@ -390,8 +390,10 @@ static __init int x86_android_tablet_probe(struct platform_device *pdev)
for (i = 0; i < pdev_count; i++) {
pdevs[i] = platform_device_register_full(&dev_info->pdev_info[i]);
if (IS_ERR(pdevs[i])) {
+ int ret = PTR_ERR(pdevs[i]);
+
x86_android_tablet_remove(pdev);
- return PTR_ERR(pdevs[i]);
+ return ret;
}
}

--
2.25.1