From: Arnd Bergmann <arnd@arndb.de>
Date: Wed, 11 Jan 2017 13:39:44 +0000 (+0100)
Subject: ALSA: hda/ca0132 - fix possible NULL pointer use
X-Git-Tag: submit/tizen/20200108.133605~11
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=709f71896b16ceb2ee767504dfaa05bc8209b9d4;p=sdk%2Femulator%2Femulator-kernel.git

ALSA: hda/ca0132 - fix possible NULL pointer use

gcc-7 caught what it considers a NULL pointer dereference:

sound/pci/hda/patch_ca0132.c: In function 'dspio_scp.constprop':
sound/pci/hda/patch_ca0132.c:1487:4: error: argument 1 null where non-null expected [-Werror=nonnull]

This is plausible from looking at the function, as we compare 'reply'
to NULL earlier in it. I have not tried to analyze if there are constraints
that make it impossible to hit the bug, but adding another NULL check in
the end kills the warning and makes the function more robust.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

[dongkyun.s: cherry-pick mainline commit 46a049dae771 for gcc 9 build]

Change-Id: Id0faddb2d8b93b5b9aa522ae7ef08c34886df5e6
---

diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
index 9ceb2bc..8da1cd4 100644
--- a/sound/pci/hda/patch_ca0132.c
+++ b/sound/pci/hda/patch_ca0132.c
@@ -1481,6 +1481,9 @@ static int dspio_scp(struct hda_codec *codec,
 		} else if (ret_size != reply_data_size) {
 			codec_dbg(codec, "RetLen and HdrLen .NE.\n");
 			return -EINVAL;
+		} else if (!reply) {
+			codec_dbg(codec, "NULL reply\n");
+			return -EINVAL;
 		} else {
 			*reply_len = ret_size*sizeof(unsigned int);
 			memcpy(reply, scp_reply.data, *reply_len);