From: Andi Shyti Date: Wed, 6 Jul 2016 09:01:26 +0000 (-0300) Subject: [media] lirc_dev: fix potential segfault X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8e5fa4c67d6387d40e2ae350e96fca939ba5e681;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git [media] lirc_dev: fix potential segfault When opening or closing a lirc character device, the framework provides to the user the possibility to keep track of opening or closing of the device by calling two functions: - set_use_inc() when opening the device - set_use_dec() when closing the device if those are not set by the lirc user, the system segfaults. Check the pointer value before calling the above functions. Signed-off-by: Andi Shyti Signed-off-by: Mauro Carvalho Chehab --- diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index 4be447070fc4..a107ab6bcb88 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -411,7 +411,10 @@ int lirc_unregister_driver(int minor) ir->d.name, ir->d.minor); wake_up_interruptible(&ir->buf->wait_poll); mutex_lock(&ir->irctl_lock); - ir->d.set_use_dec(ir->d.data); + + if (ir->d.set_use_dec) + ir->d.set_use_dec(ir->d.data); + module_put(cdev->owner); mutex_unlock(&ir->irctl_lock); } else { @@ -469,7 +472,8 @@ int lirc_dev_fop_open(struct inode *inode, struct file *file) cdev = ir->cdev; if (try_module_get(cdev->owner)) { ir->open++; - retval = ir->d.set_use_inc(ir->d.data); + if (ir->d.set_use_inc) + retval = ir->d.set_use_inc(ir->d.data); if (retval) { module_put(cdev->owner); @@ -510,7 +514,8 @@ int lirc_dev_fop_close(struct inode *inode, struct file *file) ir->open--; if (ir->attached) { - ir->d.set_use_dec(ir->d.data); + if (ir->d.set_use_dec) + ir->d.set_use_dec(ir->d.data); module_put(cdev->owner); } else { lirc_irctl_cleanup(ir);