If h4_recv_buff() return ERR_PTR, h4->rx_skb should not be dereferenced.
Signed-off-by: Chan-yeol Park <chanyeol.park@xxxxxxxxxxx>
---
drivers/bluetooth/hci_h4.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/bluetooth/hci_h4.c b/drivers/bluetooth/hci_h4.c
index f7190f0..54116464 100644
--- a/drivers/bluetooth/hci_h4.c
+++ b/drivers/bluetooth/hci_h4.c
@@ -92,7 +92,8 @@ static int h4_close(struct hci_uart *hu)
skb_queue_purge(&h4->txq);
- kfree_skb(h4->rx_skb);
+ if (!IS_ERR(h4->rx_skb))
+ kfree_skb(h4->rx_skb);
hu->priv = NULL;
kfree(h4);
@@ -173,7 +174,7 @@ struct sk_buff *h4_recv_buf(struct hci_dev *hdev, struct sk_buff *skb,
while (count) {
int i, len;
- if (!skb) {
+ if (IS_ERR_OR_NULL(skb)) {
for (i = 0; i < pkts_count; i++) {
if (buffer[0] != (&pkts[i])->type)
continue;
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
