Commit 6af6be27 authored by Douglas Anderson's avatar Douglas Anderson Committed by Bartosz Golaszewski
Browse files

gpio: cdev: Avoid NULL dereference in linehandle_create() 



In linehandle_create(), there is a statement like this:
  retain_and_null_ptr(lh);

Soon after, there is a debug printout that dereferences "lh", which
will crash things.

Avoid the crash by using handlereq.lines, which is the same value.

Fixes: da7e394b ("gpio: convert linehandle_create() to FD_PREPARE()")
Signed-off-by: default avatarDouglas Anderson <dianders@chromium.org>
Link: https://patch.msgid.link/20260215120555.v2.1.I77c3eb563271c21870379eefd16ebbc4e09635bb@changeid


Signed-off-by: default avatarBartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
parent 58433885

drivers/gpio/gpiolib-cdev.c

+1 −1
Original line number Diff line number Diff line
@@ -388,7 +388,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) 
	fd_publish(fdf);



	dev_dbg(&gdev->dev, "registered chardev handle for %d lines\n",

		lh->num_descs);

		handlereq.lines);



	return 0;

}