[PATCH] staging: greybus: Fix potential NULL dereference

Haowen Bai <baihaowen@xxxxxxxxx> · Fri, 11 Mar 2022 16:35:30 +0800

Fix following coccicheck warning:
drivers/staging/greybus/bootrom.c:301:35-39: ERROR: fw is NULL but dereferenced.

When goto queue_work but dereference Uninitialized fw will trigger a NULL 
dereference.

Signed-off-by: Haowen Bai <baihaowen@xxxxxxxxx>
---
 drivers/staging/greybus/bootrom.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/drivers/staging/greybus/bootrom.c b/drivers/staging/greybus/bootrom.c
index a8efb86..6f3926b 100644
--- a/drivers/staging/greybus/bootrom.c
+++ b/drivers/staging/greybus/bootrom.c
@@ -252,14 +252,6 @@ static int gb_bootrom_get_firmware(struct gb_operation *op)
 	/* Disable timeouts */
 	gb_bootrom_cancel_timeout(bootrom);
 
-	if (op->request->payload_size != sizeof(*firmware_request)) {
-		dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
-			__func__, op->request->payload_size,
-			sizeof(*firmware_request));
-		ret = -EINVAL;
-		goto queue_work;
-	}
-
 	mutex_lock(&bootrom->mutex);
 
 	fw = bootrom->fw;
@@ -269,6 +261,15 @@ static int gb_bootrom_get_firmware(struct gb_operation *op)
 		goto unlock;
 	}
 
+	if (op->request->payload_size != sizeof(*firmware_request)) {
+		dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
+			__func__, op->request->payload_size,
+			sizeof(*firmware_request));
+		ret = -EINVAL;
+		mutex_unlock(&bootrom->mutex);
+		goto queue_work;
+	}
+
 	firmware_request = op->request->payload;
 	offset = le32_to_cpu(firmware_request->offset);
 	size = le32_to_cpu(firmware_request->size);
-- 
2.7.4








