On Sun, Aug 13, 2017 at 6:06 AM, Eugeniu Rosca <roscaeugeniu@xxxxxxxxx> wrote:
> From: Eugeniu Rosca <erosca@xxxxxxxxxxxxxx>
>
> Reviewing the delta between cppcheck output of v4.9.39 and v4.9.40
> stable updates, I stumbled on the new warning:
>
> mxl111sf.c:80: (warning) Possible null pointer dereference: rbuf
>
> Since copying state->rcvbuf into rbuf is not needed in the 'write-only'
> scenario (i.e. calling mxl111sf_ctrl_msg() from mxl111sf_i2c_send_data()
> or from mxl111sf_write_reg()), bypass memcpy() in this case.
>
> Fixes: d90b336f3f65 ("[media] mxl111sf: Fix driver to use heap allocate buffers for USB messages")
> Signed-off-by: Eugeniu Rosca <erosca@xxxxxxxxxxxxxx>
> ---
> drivers/media/usb/dvb-usb-v2/mxl111sf.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Reviewed-by: Michael Ira Krufky <mkrufky@xxxxxxxxxxx>
Thank you for this, Eugeniu
> diff --git a/drivers/media/usb/dvb-usb-v2/mxl111sf.c b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
> index b0d5904a4ea6..67953360fda5 100644
> --- a/drivers/media/usb/dvb-usb-v2/mxl111sf.c
> +++ b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
> @@ -77,7 +77,9 @@ int mxl111sf_ctrl_msg(struct mxl111sf_state *state,
> dvb_usbv2_generic_rw(d, state->sndbuf, 1+wlen, state->rcvbuf,
> rlen);
>
> - memcpy(rbuf, state->rcvbuf, rlen);
> + if (rbuf)
> + memcpy(rbuf, state->rcvbuf, rlen);
> +
> mutex_unlock(&state->msg_lock);
>
> mxl_fail(ret);
> --
> 2.14.1
>
