Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

drm/savage: dereferencing an error pointer

A recent cleanup changed the kmalloc() + copy_from_user() to
memdup_user() but the error handling wasn't updated so we might call
kfree(-EFAULT) and crash.

Fixes: a6e3918bcdb1 ('GPU-DRM-Savage: Use memdup_user() rather than duplicating')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/20161012062227.GU12841@mwanda

Authored by Dan Carpenter and committed by Daniel Vetter
f7741aa7 1550333c

+1
+1
drivers/gpu/drm/savage/savage_state.c
··· 1004 1004 kvb_addr = memdup_user(cmdbuf->vb_addr, cmdbuf->vb_size); 1005 1005 if (IS_ERR(kvb_addr)) { 1006 1006 ret = PTR_ERR(kvb_addr); 1007 + kvb_addr = NULL; 1007 1008 goto done; 1008 1009 } 1009 1010 cmdbuf->vb_addr = kvb_addr;
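
Review bot: The reset to NULL in the IS_ERR(kvb_addr) branch covers only this one buffer. Any other memdup_user() result in the same function that reaches the shared done label on failure needs the same treatment, so please confirm those call sites from the cleanup named in the Fixes: tag are either covered or do not free an error pointer. The fix also relies on the cleanup at done tolerating a NULL kvb_addr, which holds for kfree() since kfree(NULL) is a no-op. A one-line comment next to "kvb_addr = NULL;" saying the pointer is cleared so the common exit path does not free an ERR_PTR value would keep a later cleanup from removing it as redundant.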