diag: Add NULL checks for the mask and mask pointer (40c47875) · Commits · e / devices / android_kernel_oneplus_sm8150

drivers/char/diag/diag_masks.c

+20 −3

Original line number	Diff line number	Diff line
		@@ -169,6 +169,9 @@ static void diag_send_log_mask_update(uint8_t peripheral, int equip_id)

		mutex_lock(&mask_info->lock);
		for (i = 0; i < MAX_EQUIP_ID; i++, mask++) {
		if (!mask->ptr)
		continue;

		if (equip_id != i && equip_id != ALL_EQUIP_ID)
		continue;

		@@ -399,6 +402,8 @@ static void diag_send_msg_mask_update(uint8_t peripheral, int first, int last)
		}

		for (i = 0; i < msg_mask_tbl_count_local; i++, mask++) {
		if (!mask->ptr)
		continue;
		mutex_lock(&driver->msg_mask_lock);
		if (((mask->ssid_first > first) \|\|
		(mask->ssid_last_tools < last)) && first != ALL_SSID) {
		@@ -642,6 +647,8 @@ static int diag_cmd_get_build_mask(unsigned char *src_buf, int src_len,
		rsp.padding = 0;
		build_mask = (struct diag_msg_mask_t *)msg_bt_mask.ptr;
		for (i = 0; i < driver->bt_msg_mask_tbl_count; i++, build_mask++) {
		if (!build_mask->ptr)
		continue;
		if (build_mask->ssid_first != req->ssid_first)
		continue;
		num_entries = req->ssid_last - req->ssid_first + 1;
		@@ -718,6 +725,8 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len,
		return -EINVAL;
		}
		for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
		if (!mask->ptr)
		continue;
		if ((req->ssid_first < mask->ssid_first) \|\|
		(req->ssid_first > mask->ssid_last_tools)) {
		continue;
		@@ -784,6 +793,8 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
		return -EINVAL;
		}
		for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
		if (!mask->ptr)
		continue;
		if (i < (driver->msg_mask_tbl_count - 1)) {
		mask_next = mask;
		mask_next++;
		@@ -1551,7 +1562,8 @@ static int diag_create_msg_mask_table(void)
		mutex_lock(&msg_mask.lock);
		mutex_lock(&driver->msg_mask_lock);
		driver->msg_mask_tbl_count = MSG_MASK_TBL_CNT;
		for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
		for (i = 0; (i < driver->msg_mask_tbl_count) && mask;
		i++, mask++) {
		range.ssid_first = msg_mask_tbl[i].ssid_first;
		range.ssid_last = msg_mask_tbl[i].ssid_last;
		err = diag_create_msg_mask_table_entry(mask, &range);
		@@ -1575,7 +1587,8 @@ static int diag_create_build_time_mask(void)
		mutex_lock(&driver->msg_mask_lock);
		driver->bt_msg_mask_tbl_count = MSG_MASK_TBL_CNT;
		build_mask = (struct diag_msg_mask_t *)msg_bt_mask.ptr;
		for (i = 0; i < driver->bt_msg_mask_tbl_count; i++, build_mask++) {
		for (i = 0; (i < driver->bt_msg_mask_tbl_count) && build_mask;
		i++, build_mask++) {
		range.ssid_first = msg_mask_tbl[i].ssid_first;
		range.ssid_last = msg_mask_tbl[i].ssid_last;
		err = diag_create_msg_mask_table_entry(build_mask, &range);
		@@ -1698,7 +1711,7 @@ static int diag_create_log_mask_table(void)

		mutex_lock(&log_mask.lock);
		mask = (struct diag_log_mask_t *)(log_mask.ptr);
		for (i = 0; i < MAX_EQUIP_ID; i++, mask++) {
		for (i = 0; (i < MAX_EQUIP_ID) && mask; i++, mask++) {
		mask->equip_id = i;
		mask->num_items = LOG_GET_ITEM_NUM(log_code_last_tbl[i]);
		mask->num_items_tools = mask->num_items;
		@@ -2082,6 +2095,8 @@ int diag_copy_to_user_msg_mask(char __user *buf, size_t count,
		return -EINVAL;
		}
		for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
		if (!mask->ptr)
		continue;
		ptr = mask_info->update_buf;
		len = 0;
		mutex_lock(&mask->lock);
		@@ -2153,6 +2168,8 @@ int diag_copy_to_user_log_mask(char __user *buf, size_t count,
		return -EINVAL;
		}
		for (i = 0; i < MAX_EQUIP_ID; i++, mask++) {
		if (!mask->ptr)
		continue;
		ptr = mask_info->update_buf;
		len = 0;
		mutex_lock(&mask->lock);

drivers/char/diag/diagfwd_cntl.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -560,7 +560,7 @@ static void process_ssid_range_report(uint8_t *buf, uint32_t len,
		mask_ptr = (struct diag_msg_mask_t *)msg_mask.ptr;
		found = 0;
		for (j = 0; j < driver->msg_mask_tbl_count; j++, mask_ptr++) {
		if (!mask_ptr \|\| !ssid_range) {
		if (!mask_ptr->ptr \|\| !ssid_range) {
		found = 1;
		break;
		}
		@@ -632,7 +632,7 @@ static void diag_build_time_mask_update(uint8_t *buf,
		num_items = range->ssid_last - range->ssid_first + 1;

		for (i = 0; i < driver->bt_msg_mask_tbl_count; i++, build_mask++) {
		if (!build_mask) {
		if (!build_mask->ptr) {
		found = 1;
		break;
		}