evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

diag: Add NULL pointer check for write buffer of fwd_info

Browse source 
Currently there is a possibility of NULL pointer dereference
because of missing NULL pointer check for writer buffer of
fwd_info. The patch adds NULL pointer check before accessing
write buffer buf_ptr of fwd_info.

CRs-Fixed: 2193526
Change-Id: Ie79eb1c7e3635210c09d4fbb1c751c6a908196ee
Signed-off-by: Hardik Arya <harya@codeaurora.org>
This commit is contained in:
Hardik Arya 2018-02-21 18:16:40 +05:30 committed by Gerrit - the friendly Code Review server
parent c9dc859c2c
commit 4b3d87497b
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
drivers/char/diag/diagfwd_peripheral.c
View file

@ -1106,8 +1106,11 @@ void *diagfwd_request_write_buf(struct diagfwd_info *fwd_info)
int index;
unsigned long flags;
if (!fwd_info)
return NULL;
spin_lock_irqsave(&fwd_info->write_buf_lock, flags);
for (index = 0 ; index < NUM_WRITE_BUFFERS; index++) {
for (index = 0; (index < NUM_WRITE_BUFFERS) && fwd_info->buf_ptr[index];
index++) {
if (!atomic_read(&(fwd_info->buf_ptr[index]->in_busy))) {
atomic_set(&(fwd_info->buf_ptr[index]->in_busy), 1);
buf = fwd_info->buf_ptr[index]->data;
@ -1529,7 +1532,8 @@ int diagfwd_write_buffer_done(struct diagfwd_info *fwd_info, const void *ptr)
if (!fwd_info || !ptr)
return found;
spin_lock_irqsave(&fwd_info->write_buf_lock, flags);
for (index = 0; index < NUM_WRITE_BUFFERS; index++) {
for (index = 0; (index < NUM_WRITE_BUFFERS) && fwd_info->buf_ptr[index];
index++) {
if (fwd_info->buf_ptr[index]->data == ptr) {
atomic_set(&fwd_info->buf_ptr[index]->in_busy, 0);
found = 1;