staging: comedi: pcmuio: fix possible NULL deref on detach
authorIan Abbott <abbotti@mev.co.uk>
Tue, 20 Aug 2013 10:50:19 +0000 (11:50 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 20 Dec 2013 15:45:11 +0000 (07:45 -0800)
commit 2fd2bdfccae61efe18f6b92b6a45fbf936d75b48 upstream.

pcmuio_detach() is called by the comedi core even if pcmuio_attach()
returned an error, so `dev->private` might be `NULL`.  Check for that
before dereferencing it.

Also, as pointed out by Dan Carpenter, there is no need to check the
pointer passed to `kfree()` is non-NULL, so remove that check.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/comedi/drivers/pcmuio.c

index 0c98e26bbba111e9835124b9c281de2d0c660b7f..b5ed093e59c34e9b60acf0e03f99785d9b54e26d 100644 (file)
@@ -935,12 +935,13 @@ static void pcmuio_detach(struct comedi_device *dev)
        struct pcmuio_private *devpriv = dev->private;
        int i;
 
-       for (i = 0; i < MAX_ASICS; ++i) {
-               if (devpriv->asics[i].irq)
-                       free_irq(devpriv->asics[i].irq, dev);
-       }
-       if (devpriv && devpriv->sprivs)
+       if (devpriv) {
+               for (i = 0; i < MAX_ASICS; ++i) {
+                       if (devpriv->asics[i].irq)
+                               free_irq(devpriv->asics[i].irq, dev);
+               }
                kfree(devpriv->sprivs);
+       }
        comedi_legacy_detach(dev);
 }