On Fri, Apr 06, 2018 at 10:23:04AM -0400, Mauro Carvalho Chehab wrote:
> As warned:
> 	drivers/staging/media/davinci_vpfe/dm365_ipipe.c:1834 vpfe_ipipe_init() error: we previously assumed 'res' could be null (see line 1797)
>
> There's something wrong at vpfe_ipipe_init():
>
> 1) it caches the resource_size() from the first region
>    and reuses it for the second region;
>
> 2) the "res" var is overridden 3 times;
>
> 3) at free logic, it assumes that "res->start" is not
>    overridden by platform_get_resource(pdev, IORESOURCE_MEM, 6),
>    but that's not true, as it can even be NULL there.
>
> This patch fixes the above issues by:
>
> a) store the resources used by release_mem_region() on
>    a separate var;
>
> b) stop caching resource_size(), using the function where
>    needed.
>
> Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx>

I ran coccicheck on a 4.14.74 stable kernel and noticed that 'res' can be NULL in vpfe_ipipe_init. It looks like this patch is not included in the 4.14 stable series. Can this patch be applied? I applied it myself and it applies cleanly, but I have no way to test it. That 'res->start' in error_release could end up as a NULL pointer deref.

- Joel
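The defect the commit message describes, reduced to a constructed C model added here for illustration; it is not the driver's code and not the kernel API: `struct resource`, `struct fake_pdev`, `get_mem()` and `release_args` are stand-ins, and the region indices 2, 3 and 6 are assumed, with only index 6 taken from the message. The first function reuses one `res` and a cached size the way the message describes and returns false where the real error path would dereference NULL; the second keeps the released region in its own variable and calls `resource_size()` where it is needed.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed stand-ins for the kernel types and helpers (not the real API). */
struct resource { unsigned long start; unsigned long end; };
struct fake_pdev { struct resource *mem[8]; };   /* IORESOURCE_MEM regions by index */
static unsigned long resource_size(const struct resource *r) { return r->end - r->start + 1; }
/* Stand-in for platform_get_resource(pdev, IORESOURCE_MEM, idx): NULL if absent. */
static struct resource *get_mem(struct fake_pdev *p, unsigned int i) { return i < 8 ? p->mem[i] : NULL; }
/* Arguments the error path would hand to release_mem_region(). */
struct release_args { unsigned long start; unsigned long size; };

/* Pattern the commit message describes: one 'res' reused for every region, the
 * size cached from the first region, and 'res->start' used on the error path.
 * Returns false where the real code would dereference a NULL 'res'. */
static bool init_reused_res(struct fake_pdev *pdev, struct release_args *rel)
{
    struct resource *res = get_mem(pdev, 2);
    unsigned long size;
    rel->start = rel->size = 0;
    if (!res) return true;
    size = resource_size(res);     /* cached from the first region only */
    res = get_mem(pdev, 3);        /* 'res' overwritten by the second region */
    if (!res) goto err_release;
    res = get_mem(pdev, 6);        /* overwritten again; this region may be absent */
    if (!res) goto err_release;
    return true;
err_release:
    /* release_mem_region(res->start, size): every jump here left 'res' NULL, so
     * the error path dereferences NULL and never releases region 2 anyway. */
    return res != NULL;
}

/* The fix: keep the region to release in its own variable and call
 * resource_size() where it is needed instead of caching it. */
static bool init_separate_res(struct fake_pdev *pdev, struct release_args *rel)
{
    struct resource *res_first = get_mem(pdev, 2);  /* region to release on error */
    struct resource *res;
    rel->start = rel->size = 0;
    if (!res_first) return true;
    res = get_mem(pdev, 3);
    if (!res) goto err_release;
    res = get_mem(pdev, 6);
    if (!res) goto err_release;
    return true;
err_release:
    rel->start = res_first->start;
    rel->size = resource_size(res_first);
    return true;
}
```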