[media] drivers/media/video/davinci/vpbe_display.c: eliminate a null pointer dereference
authorJulia Lawall <julia@diku.dk>
Fri, 28 Oct 2011 22:58:17 +0000 (19:58 -0300)
committerMauro Carvalho Chehab <mchehab@redhat.com>
Mon, 7 Nov 2011 15:13:15 +0000 (13:13 -0200)
In the original code, probe_out could be reached when res was null and then
when the irq had not yet been requested.  In those cases, the call to
free_irq is not needed, so move probe_out down and introduce a new label
for the case where calling free_irq is useful.

The semantic match that finds this problem is as follows:

// <smpl>
@r@
expression E, E1;
identifier f;
statement S1,S2,S3;
@@

if (E == NULL)
{
  ... when != if (E == NULL || ...) S1 else S2
      when != E = E1
*E->f
  ... when any
  return ...;
}
else S3
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
drivers/media/video/davinci/vpbe_display.c

index 8588a86d9b45ecb31335924b5259499fd310d69c..d98da4bfb256b2948c546cc32935e59776b9470b 100644 (file)
@@ -1746,15 +1746,16 @@ static __devinit int vpbe_display_probe(struct platform_device *pdev)
        for (i = 0; i < VPBE_DISPLAY_MAX_DEVICES; i++) {
                if (register_device(disp_dev->dev[i], disp_dev, pdev)) {
                        err = -ENODEV;
-                       goto probe_out;
+                       goto probe_out_irq;
                }
        }
 
        printk(KERN_DEBUG "Successfully completed the probing of vpbe v4l2 device\n");
        return 0;
 
-probe_out:
+probe_out_irq:
        free_irq(res->start, disp_dev);
+probe_out:
        for (k = 0; k < VPBE_DISPLAY_MAX_DEVICES; k++) {
                /* Get the pointer to the layer object */
                vpbe_display_layer = disp_dev->dev[k];