staging: comedi: dt282x: fix a null pointer deref on interrupt · mariux64/linux@ffdd4aa

Commit

staging: comedi: dt282x: fix a null pointer deref on interrupt

commit b8336be upstream.

The interrupt handler `dt282x_interrupt()` causes a null pointer
dereference for those supported boards that have no analog output
support.  For these boards, `dev->write_subdev` will be `NULL` and
therefore the `s_ao` subdevice pointer variable will be `NULL`.  In that
case, the following call near the end of the interrupt handler results
in a null pointer dereference:

	cfc_handle_events(dev, s_ao);

[ Upstream equivalent:
	comedi_handle_events(dev, s_ao);
  -- IA ]

Fix it by only calling the above function if `s_ao` is valid.

(There are other uses of `s_ao` by the interrupt handler that may or may
not be reached depending on values of hardware registers.  Trust that
they are reliable for now.)

Fixes: f21c74f ("staging: comedi: dt282x: use cfc_handle_events()")
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Loading branch information

Ian Abbott authored and Ben Hutchings committed Sep 23, 2019

1 parent 2be081b commit ffdd4aa

drivers/staging/comedi/drivers/dt282x.c

-Original file line number
+Diff line change
@@ Expand Up / @@ -483,7 +483,8 @@ static irqreturn_t dt282x_interrupt(int irq, void *d) @@
     	}
     #endif
     	cfc_handle_events(dev, s);
-    	cfc_handle_events(dev, s_ao);
+    	if (s_ao)
+    		cfc_handle_events(dev, s_ao);
     	return IRQ_RETVAL(handled);
     }
@@ Expand Down @@

0 comments on commit `ffdd4aa`

Please sign in to comment.

Commit

There are no files selected for viewing

0 comments on commit ffdd4aa

0 comments on commit `ffdd4aa`