From: Eugeniu Rosca <erosca@de.adit-jv.com>
Date: Sun, 13 Aug 2017 10:06:29 +0000 (-0400)
Subject: media: mxl111sf: Fix potential null pointer dereference
X-Git-Tag: v4.14-rc6~35^2~118
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=87e9201108b7d63cc4a50faca3baad48c4ec99f8;p=platform%2Fkernel%2Flinux-rpi.git

media: mxl111sf: Fix potential null pointer dereference

Reviewing the delta between cppcheck output of v4.9.39 and v4.9.40
stable updates, I stumbled on the new warning:

mxl111sf.c:80: (warning) Possible null pointer dereference: rbuf

Since copying state->rcvbuf into rbuf is not needed in the 'write-only'
scenario (i.e. calling mxl111sf_ctrl_msg() from mxl111sf_i2c_send_data()
or from mxl111sf_write_reg()), bypass memcpy() in this case.

Fixes: d90b336f3f65 ("[media] mxl111sf: Fix driver to use heap allocate buffers for USB messages")

Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Michael Ira Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
---

diff --git a/drivers/media/usb/dvb-usb-v2/mxl111sf.c b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
index b0d5904..6795336 100644
--- a/drivers/media/usb/dvb-usb-v2/mxl111sf.c
+++ b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
@@ -77,7 +77,9 @@ int mxl111sf_ctrl_msg(struct mxl111sf_state *state,
 		dvb_usbv2_generic_rw(d, state->sndbuf, 1+wlen, state->rcvbuf,
 				     rlen);
 
-	memcpy(rbuf, state->rcvbuf, rlen);
+	if (rbuf)
+		memcpy(rbuf, state->rcvbuf, rlen);
+
 	mutex_unlock(&state->msg_lock);
 
 	mxl_fail(ret);