On Sun, Sep 27, 2015 at 09:30:54PM +0200, Mateusz Kulikowski wrote:
> Firmware was not released properly if kmemdup fails.
>
> Addresses-Coverity-Id: 1269118
> Signed-off-by: Mateusz Kulikowski <mateusz.kulikowski@xxxxxxxxx>
> ---
> drivers/staging/rtl8723au/hal/rtl8723a_hal_init.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/rtl8723au/hal/rtl8723a_hal_init.c b/drivers/staging/rtl8723au/hal/rtl8723a_hal_init.c > index cd014f7..87bb87f 100644 > --- a/drivers/staging/rtl8723au/hal/rtl8723a_hal_init.c > +++ b/drivers/staging/rtl8723au/hal/rtl8723a_hal_init.c > @@ -249,13 +249,13 @@ int rtl8723a_FirmwareDownload(struct rtw_adapter *padapter) > goto Exit; > } > firmware_buf = kmemdup(fw->data, fw->size, GFP_KERNEL); > + release_firmware(fw); > if (!firmware_buf) { > rtStatus = _FAIL; > goto Exit; > } > buf = firmware_buf; > fw_size = fw->size; > - release_firmware(fw);

You are releasing the firmware and then accessing fw->size here.
That just introduced a NULL pointer dereference.

regards
sudip
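Review bot: the unchanged line "fw_size = fw->size;" now runs after the added "release_firmware(fw);", so the size is read from a struct firmware that has already been released. Either take the size before the release (assign fw_size = fw->size ahead of the kmemdup() call and pass fw_size to kmemdup()), or keep the original release_firmware(fw) where it was and add a second release_firmware(fw) inside the "if (!firmware_buf)" branch before "goto Exit;". Both variants close the leak on the kmemdup() failure path without touching fw after it is released.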