In try_start_dim_transfer(), pointer hdm_ch is accessed before checking. This may lead to a potential null pointer dereference. Fix this by dereferencing hdm_ch after calling BUG_ON().

Signed-off-by: Jing Xiangfeng <jingxiangfeng@xxxxxxxxxx>
---
 drivers/staging/most/dim2/dim2.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/most/dim2/dim2.c b/drivers/staging/most/dim2/dim2.c
index 509c8012d20b..ccd7cc7545e4 100644
--- a/drivers/staging/most/dim2/dim2.c
+++ b/drivers/staging/most/dim2/dim2.c
@@ -148,7 +148,7 @@ void dimcb_on_error(u8 error_id, const char *error_message)
 static int try_start_dim_transfer(struct hdm_channel *hdm_ch)
 {
 u16 buf_size;
- struct list_head *head = &hdm_ch->pending_list;
+ struct list_head *head;
 struct mbo *mbo;
 unsigned long flags;
 struct dim_ch_state_t st;
@@ -156,6 +156,7 @@ static int try_start_dim_transfer(struct hdm_channel *hdm_ch)
 BUG_ON(!hdm_ch);
 BUG_ON(!hdm_ch->is_initialized);
+ head = &hdm_ch->pending_list;
 spin_lock_irqsave(&dim_lock, flags);
 if (list_empty(head)) {
 spin_unlock_irqrestore(&dim_lock, flags);
-- 
2.17.1
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
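Review bot: The guard that the moved assignment now sits behind in the second hunk is still `BUG_ON(!hdm_ch)` / `BUG_ON(!hdm_ch->is_initialized)`, so a bad channel pointer halts the kernel instead of failing the call. Since try_start_dim_transfer() returns int, a recoverable form such as `if (WARN_ON(!hdm_ch || !hdm_ch->is_initialized)) return -EINVAL;` looks preferable, provided the callers handle a negative return; the rest of the function and its callers are outside the hunk, so that needs confirming. Separately, the old initializer `&hdm_ch->pending_list` only computes an address and does not load through hdm_ch, so the changelog's "null pointer dereference" overstates the risk; describing the change as ordering the first use of the pointer after its check would be more accurate.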