Fix the problem of dereferencing a NULL pointer
The pointer st33spi will be dereferenced after it was positively
checked for NULL, isolate the condition st33spi == NULL and return
errno ENODEV
Bug: 205943658
Bug: 205950808
Bug: 205950761
Test: Manual
Change-Id: I23642ef8a8261de11aa58e5c9ff2e30476062009
diff --git a/ese/st33spi.c b/ese/st33spi.c
index 825d186..d72ccbd 100644
--- a/ese/st33spi.c
+++ b/ese/st33spi.c
@@ -287,7 +287,10 @@
st33spi = filp->private_data;
- if (st33spi == NULL || !st33spi->spi_state) {
+ if (st33spi == NULL)
+ return -ENODEV;
+
+ if (!st33spi->spi_state) {
dev_warn(&st33spi->spi->dev, "st33spi: spi is not enabled, abort read process\n");
return -EFAULT;
}
@@ -326,7 +329,10 @@
st33spi = filp->private_data;
- if (st33spi == NULL || !st33spi->spi_state) {
+ if (st33spi == NULL)
+ return -ENODEV;
+
+ if (!st33spi->spi_state) {
dev_warn(&st33spi->spi->dev, "st33spi: spi is not enabled, abort write process\n");
return -EFAULT;
}
@@ -796,7 +802,7 @@
static int st33spi_open(struct inode *inode, struct file *filp)
{
- struct st33spi_data *st33spi;
+ struct st33spi_data *st33spi = NULL;
int status = -ENXIO;
mutex_lock(&device_list_lock);
@@ -808,13 +814,16 @@
}
}
+ if (st33spi == NULL)
+ return -ENODEV;
+
if (status) {
dev_dbg(&st33spi->spi->dev, "st33spi: nothing for minor %d\n",
iminor(inode));
goto err_find_dev;
}
- if (st33spi == NULL || !st33spi->spi_state) {
+ if (!st33spi->spi_state) {
dev_warn(&st33spi->spi->dev,
"st33spi: spi is not enabled, abort open process\n");
mutex_unlock(&device_list_lock);
