[PATCH] hwmon: w83793: Fix possible null-pointer dereferences in watchdog_open()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In watchdog_open(), data is initialized as NULL.
After the loop "list_for_each_entry" on lines 1302-1307, 
data may not be assigned, thus data is still NULL.

In this case, data is used on line 1310:
    watchdog_is_open = test_and_set_bit(0, &data->watchdog_is_open);
and on line 1317:
    kref_get(&data->kref);
and on line 1326:
    watchdog_enable(data);

Thus, possible null-pointer dereferences may occur.

To fix these bugs, data is checked after the loop.
If it is NULL, the mutex lock is released and -EINVAL is returned.

These bugs are found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx>
---
 drivers/hwmon/w83793.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/hwmon/w83793.c b/drivers/hwmon/w83793.c
index 46f5dfec8d0a..f299716d5d94 100644
--- a/drivers/hwmon/w83793.c
+++ b/drivers/hwmon/w83793.c
@@ -1306,6 +1306,11 @@ static int watchdog_open(struct inode *inode, struct file *filp)
 		}
 	}
 
+	if (!data) {
+		mutex_unlock(&watchdog_data_mutex);
+		return -EINVAL;
+	}
+
 	/* Check, if device is already open */
 	watchdog_is_open = test_and_set_bit(0, &data->watchdog_is_open);
 
-- 
2.17.0




[Index of Archives]     [LM Sensors]     [Linux Sound]     [ALSA Users]     [ALSA Devel]     [Linux Audio Users]     [Linux Media]     [Kernel]     [Gimp]     [Yosemite News]     [Linux Media]

  Powered by Linux