diff options
| author | Ian Abbott <abbotti@mev.co.uk> | 2019-07-12 15:02:37 +0100 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2019-09-23 21:12:18 +0100 |
| commit | ffdd4aac4f2d7959b3df70ac327b2c73dd592a26 (patch) | |
| tree | ab437203f7eceed6a4ae85d2fc0f784399886d86 | |
| parent | 2be081b4ec9c3630a678b7abf8216e78dbba459d (diff) | |
staging: comedi: dt282x: fix a null pointer deref on interrupt
commit b8336be66dec06bef518030a0df9847122053ec5 upstream.
The interrupt handler `dt282x_interrupt()` causes a null pointer
dereference for those supported boards that have no analog output
support. For these boards, `dev->write_subdev` will be `NULL` and
therefore the `s_ao` subdevice pointer variable will be `NULL`. In that
case, the following call near the end of the interrupt handler results
in a null pointer dereference:
cfc_handle_events(dev, s_ao);
[ Upstream equivalent:
comedi_handle_events(dev, s_ao);
-- IA ]
Fix it by only calling the above function if `s_ao` is valid.
(There are other uses of `s_ao` by the interrupt handler that may or may
not be reached depending on values of hardware registers. Trust that
they are reliable for now.)
Fixes: f21c74fa4cfe ("staging: comedi: dt282x: use cfc_handle_events()")
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
| -rw-r--r-- | drivers/staging/comedi/drivers/dt282x.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/staging/comedi/drivers/dt282x.c b/drivers/staging/comedi/drivers/dt282x.c index c2a66dcf99fe..6a1222c45d35 100644 --- a/drivers/staging/comedi/drivers/dt282x.c +++ b/drivers/staging/comedi/drivers/dt282x.c @@ -483,7 +483,8 @@ static irqreturn_t dt282x_interrupt(int irq, void *d) } #endif cfc_handle_events(dev, s); - cfc_handle_events(dev, s_ao); + if (s_ao) + cfc_handle_events(dev, s_ao); return IRQ_RETVAL(handled); } |