dma-buf/udmabuf: Fix NULL pointer dereference in udmabuf_create
authorGustavo A. R. Silva <gustavo@embeddedor.com>
Tue, 4 Sep 2018 19:07:49 +0000 (14:07 -0500)
committerGerd Hoffmann <kraxel@redhat.com>
Wed, 5 Sep 2018 06:28:28 +0000 (08:28 +0200)
There is a potential execution path in which pointer memfd is NULL when
passed as argument to fput(), hence there is a NULL pointer dereference
in fput().

Fix this by null checking *memfd* before calling fput().

Addresses-Coverity-ID: 1473174 ("Explicit null dereferenced")
Fixes: fbb0de795078 ("Add udmabuf misc device")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20180904190749.GA9308@embeddedor.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
drivers/dma-buf/udmabuf.c

index 8e24204526cc179867d7b6a8eb34d07ed7e93244..2e8502250afecacf7afff1e4960762dc45962035 100644 (file)
@@ -194,7 +194,8 @@ err_put_pages:
        while (pgbuf > 0)
                put_page(ubuf->pages[--pgbuf]);
 err_free_ubuf:
-       fput(memfd);
+       if (memfd)
+               fput(memfd);
        kfree(ubuf->pages);
        kfree(ubuf);
        return ret;