From 8e5fa4c67d6387d40e2ae350e96fca939ba5e681 Mon Sep 17 00:00:00 2001 From: Andi Shyti Date: Wed, 6 Jul 2016 06:01:26 -0300 Subject: [PATCH] [media] lirc_dev: fix potential segfault When opening or closing a lirc character device, the framework provides to the user the possibility to keep track of opening or closing of the device by calling two functions: - set_use_inc() when opening the device - set_use_dec() when closing the device if those are not set by the lirc user, the system segfaults. Check the pointer value before calling the above functions. Signed-off-by: Andi Shyti Signed-off-by: Mauro Carvalho Chehab --- drivers/media/rc/lirc_dev.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index 4be447070fc4..a107ab6bcb88 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -411,7 +411,10 @@ int lirc_unregister_driver(int minor) ir->d.name, ir->d.minor); wake_up_interruptible(&ir->buf->wait_poll); mutex_lock(&ir->irctl_lock); - ir->d.set_use_dec(ir->d.data); + + if (ir->d.set_use_dec) + ir->d.set_use_dec(ir->d.data); + module_put(cdev->owner); mutex_unlock(&ir->irctl_lock); } else { @@ -469,7 +472,8 @@ int lirc_dev_fop_open(struct inode *inode, struct file *file) cdev = ir->cdev; if (try_module_get(cdev->owner)) { ir->open++; - retval = ir->d.set_use_inc(ir->d.data); + if (ir->d.set_use_inc) + retval = ir->d.set_use_inc(ir->d.data); if (retval) { module_put(cdev->owner); @@ -510,7 +514,8 @@ int lirc_dev_fop_close(struct inode *inode, struct file *file) ir->open--; if (ir->attached) { - ir->d.set_use_dec(ir->d.data); + if (ir->d.set_use_dec) + ir->d.set_use_dec(ir->d.data); module_put(cdev->owner); } else { lirc_irctl_cleanup(ir); -- 2.34.1