Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 81a8b542 authored by Stefan Wahren's avatar Stefan Wahren Committed by Greg Kroah-Hartman
Browse files

staging: vchiq_core: fix service dereference in unlock_service 



The service state is dereferenced before BUG_ON and outside of the
spin lock. So in order to avoid possible NULL pointer dereferences or
races move the whole scope at a safer place.

This issue has been found by Cppcheck.

Signed-off-by: default avatarStefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 2ea15699

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c

+2 −1
Original line number Diff line number Diff line
@@ -296,12 +296,13 @@ lock_service(VCHIQ_SERVICE_T *service) 
void

unlock_service(VCHIQ_SERVICE_T *service)

{

	VCHIQ_STATE_T *state = service->state;

	spin_lock(&service_spinlock);

	BUG_ON(!service || (service->ref_count == 0));

	if (service && service->ref_count) {

		service->ref_count--;

		if (!service->ref_count) {

			VCHIQ_STATE_T *state = service->state;



			BUG_ON(service->srvstate != VCHIQ_SRVSTATE_FREE);

			state->services[service->localport] = NULL;

		} else