gb_lights_light_config() stores channel_count before allocating the
channels array. If kcalloc() fails, gb_lights_release() iterates the
non-zero count and dereferences light->channels, which is NULL.
Allocate channels first and only then publish channels_count so the
cleanup path can't walk a NULL pointer.
Fixes: 2870b52bae4c ("greybus: lights: add lights implementation")
Signed-off-by: Chaitanya Mishra <chaitanyamishra.ai(a)gmail.com>
---
drivers/staging/greybus/light.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/greybus/light.c b/drivers/staging/greybus/light.c
index e509fdc715db..4c9ad9ea8827 100644
--- a/drivers/staging/greybus/light.c
+++ b/drivers/staging/greybus/light.c
@@ -1008,14 +1008,14 @@ static int gb_lights_light_config(struct gb_lights *glights, u8 id)
if (!strlen(conf.name))
return -EINVAL;
- light->channels_count = conf.channel_count;
light->name = kstrndup(conf.name, NAMES_MAX, GFP_KERNEL);
if (!light->name)
return -ENOMEM;
- light->channels = kcalloc(light->channels_count,
+ light->channels = kcalloc(conf.channel_count,
sizeof(struct gb_channel), GFP_KERNEL);
if (!light->channels)
return -ENOMEM;
+ light->channels_count = conf.channel_count;
/* First we collect all the configurations for all channels */
for (i = 0; i < light->channels_count; i++) {
--
2.50.1 (Apple Git-155)
This patch series contains two minor cleanups for the arche-platform driver:
Patch 1: Clarifies an unclear TODO comment to make the intent more obvious
to future developers.
Patch 2: Fixes a simple spelling mistake in a comment.
These are low-risk changes that improve code readability.
Get Outlook for Android<https://aka.ms/AAb9ysg>
This patch series contains two minor cleanups for the arche-platform driver:
Patch 1: Clarifies an unclear TODO comment to make the intent more obvious
to future developers.
Patch 2: Fixes a simple spelling mistake in a comment.
These are low-risk changes that improve code readability.
