projects / platform / kernel / linux-exynos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dcc68c6)
Bluetooth: hci_uart: Fix dereferencing of ERR_PTR
authorChan-yeol Park <chanyeol.park@samsung.com>
Wed, 17 Jun 2015 12:10:39 +0000 (21:10 +0900)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Mon, 4 Apr 2016 01:12:21 +0000 (10:12 +0900)
If h4_recv_buf() return ERR_PTR instead sk_buff pointer, it should be
cleared once PTR_ERR is completed for the further dereference such as
h4_recv(), or h4_close().

Signed-off-by: Chan-yeol Park <chanyeol.park@samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
drivers/bluetooth/hci_ath.c patch | blob | history
drivers/bluetooth/hci_bcm.c patch | blob | history
drivers/bluetooth/hci_h4.c patch | blob | history

diff --git a/drivers/bluetooth/hci_ath.c b/drivers/bluetooth/hci_ath.c
index ec8fa0e0f03630c9646a60b831277477a249b010..6da5e4ca13ea6d925807660582be5957c4903752 100644 (file)
--- a/drivers/bluetooth/hci_ath.c
+++ b/drivers/bluetooth/hci_ath.c
@@ -192,6 +192,7 @@ static int ath_recv(struct hci_uart *hu, const void *data, int count)
        if (IS_ERR(ath->rx_skb)) {
                int err = PTR_ERR(ath->rx_skb);
                BT_ERR("%s: Frame reassembly failed (%d)", hu->hdev->name, err);
+               ath->rx_skb = NULL;
                return err;
        }
 
diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c
index 1ec0b4a5ffa64401b154f5b119afa4be89db3db2..7c2151f6d77298b4465df80068d20c61108ddcfc 100644 (file)
--- a/drivers/bluetooth/hci_bcm.c
+++ b/drivers/bluetooth/hci_bcm.c
@@ -104,6 +104,7 @@ static int bcm_recv(struct hci_uart *hu, const void *data, int count)
        if (IS_ERR(bcm->rx_skb)) {
                int err = PTR_ERR(bcm->rx_skb);
                BT_ERR("%s: Frame reassembly failed (%d)", hu->hdev->name, err);
+               bcm->rx_skb = NULL;
                return err;
        }
 
diff --git a/drivers/bluetooth/hci_h4.c b/drivers/bluetooth/hci_h4.c
index f7190f01e1357b764504b0084128804ca87d6a6e..57faddc53645a33fdb7e9e334ffddbadd7c1cb98 100644 (file)
--- a/drivers/bluetooth/hci_h4.c
+++ b/drivers/bluetooth/hci_h4.c
@@ -133,6 +133,7 @@ static int h4_recv(struct hci_uart *hu, const void *data, int count)
        if (IS_ERR(h4->rx_skb)) {
                int err = PTR_ERR(h4->rx_skb);
                BT_ERR("%s: Frame reassembly failed (%d)", hu->hdev->name, err);
+               h4->rx_skb = NULL;
                return err;
        }
 
Domain: System / Kernel;