If rtsx_probe fails to allocate dev->chip, then NULL pointer dereference occurs at rtsx_release_resources(). Patch adds checks chip on NULL before its dereference at rtsx_release_resources and passing with dereference inside rtsx_release_chip. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev <vasilyev@xxxxxxxxx> --- drivers/staging/rts5208/rtsx.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rts5208/rtsx.c b/drivers/staging/rts5208/rtsx.c index 70e0b8623110..952dd0d580cf 100644 --- a/drivers/staging/rts5208/rtsx.c +++ b/drivers/staging/rts5208/rtsx.c @@ -623,12 +623,13 @@ static void rtsx_release_resources(struct rtsx_dev *dev) if (dev->irq > 0) free_irq(dev->irq, (void *)dev); - if (dev->chip->msi_en) + if (dev->chip && dev->chip->msi_en) pci_disable_msi(dev->pci); if (dev->remap_addr) iounmap(dev->remap_addr); + if (dev->chip) + rtsx_release_chip(dev->chip); - rtsx_release_chip(dev->chip); kfree(dev->chip); } -- 2.17.1 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
