drivers/staging/comedi/drivers/dt282x.c · a1fcfe095c8c22f67aaee0eba7acfd46559b75d5 · xenomai / ipipe-x86

staging: comedi: dt282x: fix a null pointer deref on interrupt · a1fcfe09

Ian Abbott authored Jun 26, 2019

commit b8336be6 upstream.

The interrupt handler `dt282x_interrupt()` causes a null pointer
dereference for those supported boards that have no analog output
support.  For these boards, `dev->write_subdev` will be `NULL` and
therefore the `s_ao` subdevice pointer variable will be `NULL`.  In that
case, the following call near the end of the interrupt handler results
in a null pointer dereference:

	comedi_handle_events(dev, s_ao);

Fix it by only calling the above function if `s_ao` is valid.

(There are other uses of `s_ao` by the interrupt handler that may or may
not be reached depending on values of hardware registers.  Trust that
they are reliable for now.)

Note:
commit 4f6f009b ("staging: comedi: dt282x: use comedi_handle_events()")
propagates an earlier error from
commit f21c74fa ("staging: comedi: dt282x: use cfc_handle_events()").

Fixes: 4f6f009b

 ("staging: comedi: dt282x: use comedi_handle_events()")
Cc: <stable@vger.kernel.org> # v3.19+
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

a1fcfe09