From: Julia Lawall Date: Fri, 28 Oct 2011 22:58:17 +0000 (-0300) Subject: [media] drivers/media/video/davinci/vpbe_display.c: eliminate a null pointer dereference X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=49a0513c1fca2c43b14416f3f40220fa01ab5e39;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [media] drivers/media/video/davinci/vpbe_display.c: eliminate a null pointer dereference In the original code, probe_out could be reached when res was null and then when the irq had not yet been requested. In those cases, the call to free_irq is not needed, so move probe_out down and introduce a new label for the case where calling free_irq is useful. The semantic match that finds this problem is as follows: // @r@ expression E, E1; identifier f; statement S1,S2,S3; @@ if (E == NULL) { ... when != if (E == NULL || ...) S1 else S2 when != E = E1 *E->f ... when any return ...; } else S3 // Signed-off-by: Julia Lawall Signed-off-by: Mauro Carvalho Chehab --- diff --git a/drivers/media/video/davinci/vpbe_display.c b/drivers/media/video/davinci/vpbe_display.c index 8588a86d9b45..d98da4bfb256 100644 --- a/drivers/media/video/davinci/vpbe_display.c +++ b/drivers/media/video/davinci/vpbe_display.c @@ -1746,15 +1746,16 @@ static __devinit int vpbe_display_probe(struct platform_device *pdev) for (i = 0; i < VPBE_DISPLAY_MAX_DEVICES; i++) { if (register_device(disp_dev->dev[i], disp_dev, pdev)) { err = -ENODEV; - goto probe_out; + goto probe_out_irq; } } printk(KERN_DEBUG "Successfully completed the probing of vpbe v4l2 device\n"); return 0; -probe_out: +probe_out_irq: free_irq(res->start, disp_dev); +probe_out: for (k = 0; k < VPBE_DISPLAY_MAX_DEVICES; k++) { /* Get the pointer to the layer object */ vpbe_display_layer = disp_dev->dev[k];