From: Ian Abbott Date: Tue, 20 Aug 2013 10:50:19 +0000 (+0100) Subject: staging: comedi: pcmuio: fix possible NULL deref on detach X-Git-Tag: firefly_0821_release~176^2~5471^2~186 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=2fd2bdfccae61efe18f6b92b6a45fbf936d75b48;p=firefly-linux-kernel-4.4.55.git staging: comedi: pcmuio: fix possible NULL deref on detach pcmuio_detach() is called by the comedi core even if pcmuio_attach() returned an error, so `dev->private` might be `NULL`. Check for that before dereferencing it. Also, as pointed out by Dan Carpenter, there is no need to check the pointer passed to `kfree()` is non-NULL, so remove that check. Signed-off-by: Ian Abbott Cc: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/comedi/drivers/pcmuio.c b/drivers/staging/comedi/drivers/pcmuio.c index f9424554539d..67e2bb1d66f0 100644 --- a/drivers/staging/comedi/drivers/pcmuio.c +++ b/drivers/staging/comedi/drivers/pcmuio.c @@ -672,12 +672,13 @@ static void pcmuio_detach(struct comedi_device *dev) struct pcmuio_private *devpriv = dev->private; int i; - for (i = 0; i < PCMUIO_MAX_ASICS; ++i) { - if (devpriv->asics[i].irq) - free_irq(devpriv->asics[i].irq, dev); - } - if (devpriv && devpriv->sprivs) + if (devpriv) { + for (i = 0; i < PCMUIO_MAX_ASICS; ++i) { + if (devpriv->asics[i].irq) + free_irq(devpriv->asics[i].irq, dev); + } kfree(devpriv->sprivs); + } comedi_legacy_detach(dev); }