From 4b3d87497bf25fa89904d3e5d1ce3e0867ca1de6 Mon Sep 17 00:00:00 2001
From: Hardik Arya
Date: Wed, 21 Feb 2018 18:16:40 +0530
Subject: [PATCH] diag: Add NULL pointer check for write buffer of fwd_info Currently there is a possibility of NULL pointer dereference because of missing NULL pointer check for writer buffer of fwd_info. The patch adds NULL pointer check before accessing write buffer buf_ptr of fwd_info.
CRs-Fixed: 2193526
Change-Id: Ie79eb1c7e3635210c09d4fbb1c751c6a908196ee
Signed-off-by: Hardik Arya
---
 drivers/char/diag/diagfwd_peripheral.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/char/diag/diagfwd_peripheral.c b/drivers/char/diag/diagfwd_peripheral.c
index 6b74c0056d1b..6f240cacff58 100644
--- a/drivers/char/diag/diagfwd_peripheral.c
+++ b/drivers/char/diag/diagfwd_peripheral.c
@@ -1106,8 +1106,11 @@ void *diagfwd_request_write_buf(struct diagfwd_info *fwd_info)
 int index;
 unsigned long flags;
+ if (!fwd_info)
+ return NULL;
 spin_lock_irqsave(&fwd_info->write_buf_lock, flags);
- for (index = 0 ; index < NUM_WRITE_BUFFERS; index++) {
+ for (index = 0; (index < NUM_WRITE_BUFFERS) && fwd_info->buf_ptr[index];
+ index++) {
 if (!atomic_read(&(fwd_info->buf_ptr[index]->in_busy))) {
 atomic_set(&(fwd_info->buf_ptr[index]->in_busy), 1);
 buf = fwd_info->buf_ptr[index]->data;
@@ -1529,7 +1532,8 @@ int diagfwd_write_buffer_done(struct diagfwd_info *fwd_info, const void *ptr)
 if (!fwd_info || !ptr)
 return found;
 spin_lock_irqsave(&fwd_info->write_buf_lock, flags);
- for (index = 0; index < NUM_WRITE_BUFFERS; index++) {
+ for (index = 0; (index < NUM_WRITE_BUFFERS) && fwd_info->buf_ptr[index];
+ index++) {
 if (fwd_info->buf_ptr[index]->data == ptr) {
 atomic_set(&fwd_info->buf_ptr[index]->in_busy, 0);
 found = 1;
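Review bot: The new loop condition in diagfwd_request_write_buf(), `(index < NUM_WRITE_BUFFERS) && fwd_info->buf_ptr[index]`, ends the scan at the first NULL slot instead of skipping it, so a valid buffer at a higher index is never considered; the same condition in diagfwd_write_buffer_done() would leave such a buffer's in_busy flag set and the buffer permanently unavailable. Keeping `for (index = 0; index < NUM_WRITE_BUFFERS; index++) {` and adding `if (!fwd_info->buf_ptr[index]) continue;` as the first statement of the body gives the NULL check without the early exit. The check also only closes the dereference if whatever clears or frees buf_ptr[] does so while holding write_buf_lock, and the `data` pointer returned by diagfwd_request_write_buf() is presumably used after the lock is released; neither is visible in these hunks, so both are worth confirming against the buffer teardown path. Both function bodies start and end outside the hunks.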