soc: qcom: spcom: spcom_device_read() check filp->private_data

spcom_device_read() should check that filp->private_data is not NULL
before using it.

CRs-Fixed: 2016948
Change-Id: I663d31e69b1f170c4a125705f1e1a1fde4ed098b
Signed-off-by: Amir Samuelov <amirs@codeaurora.org>
Amir Samuelov 2017-03-20 14:17:27 +02:00 committed by Gerrit - the friendly Code Review server
parent 687a4eb82b
commit fd8b38e352


@ -2241,7 +2241,7 @@ static ssize_t spcom_device_write(struct file *filp,
} }
/** /**
* spcom_device_read() - handle channel file write() from user space. * spcom_device_read() - handle channel file read() from user space.
* *
* @filp: file pointer * @filp: file pointer
* *
@ -2267,6 +2267,16 @@ static ssize_t spcom_device_read(struct file *filp, char __user *user_buff,
ch = filp->private_data; ch = filp->private_data;
if (ch == NULL) {
pr_err("invalid ch pointer, file [%s].\n", name);
return -EINVAL;
}
if (!spcom_is_channel_open(ch)) {
pr_err("ch is not open, file [%s].\n", name);
return -EINVAL;
}
buf = kzalloc(size, GFP_KERNEL); buf = kzalloc(size, GFP_KERNEL);
if (buf == NULL) if (buf == NULL)
return -ENOMEM; return -ENOMEM;
@ -2354,6 +2364,10 @@ static unsigned int spcom_device_poll(struct file *filp,
done = (spcom_dev->link_state == GLINK_LINK_STATE_UP); done = (spcom_dev->link_state == GLINK_LINK_STATE_UP);
break; break;
case SPCOM_POLL_CH_CONNECT: case SPCOM_POLL_CH_CONNECT:
if (ch == NULL) {
pr_err("invalid ch pointer, file [%s].\n", name);
return -EINVAL;
}
pr_debug("ch [%s] SPCOM_POLL_CH_CONNECT.\n", name); pr_debug("ch [%s] SPCOM_POLL_CH_CONNECT.\n", name);
if (wait) { if (wait) {
reinit_completion(&ch->connect); reinit_completion(&ch->connect);
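Review bot: In the last hunk, the new `return -EINVAL;` under `case SPCOM_POLL_CH_CONNECT:` sits in a function that the hunk header declares as returning `unsigned int`, so the negative errno is converted to a large value with most event bits set instead of being reported as an error. A poll handler reports failure through the returned mask, so the guard would be better written as `return POLLERR;`, keeping the `pr_err()` line as it is. The NULL check also covers only this one case; spcom_device_poll starts and ends outside the hunk, so it cannot be seen here whether other cases of the switch dereference `ch`. If they do, the check belongs right after `ch` is assigned, as was done in spcom_device_read() in the second hunk.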