If fwtty_install() will be invoked with such tty->index that will be not less than MAX_TOTAL_PORTS then fwtty_port_get() will return NULL and fwtty_install() will either assign it to tty->driver_data or dereference in fwtty_port_put() (if tty_standard_install() will fail). The similar situation is with fwloop_install(). The patch fixes both cases. Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Evgeny Novikov <novikov@xxxxxxxxx>
---
 drivers/staging/fwserial/fwserial.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/drivers/staging/fwserial/fwserial.c b/drivers/staging/fwserial/fwserial.c
index 1ee6382cafc4..d0810896511e 100644
--- a/drivers/staging/fwserial/fwserial.c
+++ b/drivers/staging/fwserial/fwserial.c
@@ -1069,6 +1069,9 @@ static int fwtty_install(struct tty_driver *driver, struct tty_struct *tty)
 struct fwtty_port *port = fwtty_port_get(tty->index);
 int err;
 
+ if (!port)
+ return -ENODEV;
+
 err = tty_standard_install(driver, tty);
 if (!err)
 tty->driver_data = port;
@@ -1082,6 +1085,9 @@ static int fwloop_install(struct tty_driver *driver, struct tty_struct *tty)
 struct fwtty_port *port = fwtty_port_get(table_idx(tty->index));
 int err;
 
+ if (!port)
+ return -ENODEV;
+
 err = tty_standard_install(driver, tty);
 if (!err)
 tty->driver_data = port;
-- 
2.26.2
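Review bot: The added `if (!port) return -ENODEV;` guard in fwtty_install() carries no comment saying when fwtty_port_get() yields NULL, and the same applies to the identical guard in the fwloop_install() hunk. The description names only an index at or above MAX_TOTAL_PORTS; fwtty_port_get() is not shown here, so if it can also return NULL for an in-range index with no port bound, the comment should cover that case as well. I would put `/* no port for this index: fail the open rather than store or put a NULL port */` above each check. Both function bodies continue outside their hunks, so the fwtty_port_put() error path mentioned in the description is not visible for review here.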