media: lirc: do not pass ERR_PTR to kfree

author Sean Young <sean@mess.org>

Wed, 13 Dec 2017 21:09:21 +0000 (16:09 -0500)

committer Mauro Carvalho Chehab <mchehab@s-opensource.com>

Mon, 18 Dec 2017 20:21:28 +0000 (15:21 -0500)
author Sean Young <sean@mess.org>
Wed, 13 Dec 2017 21:09:21 +0000 (16:09 -0500)
committer Mauro Carvalho Chehab <mchehab@s-opensource.com>
Mon, 18 Dec 2017 20:21:28 +0000 (15:21 -0500)
diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c

index 6cedb54..8618aba 100644 (file)
--- a/drivers/media/rc/lirc_dev.c
+++ b/drivers/media/rc/lirc_dev.c
@@ -231,7 +231,7 @@ static ssize_t ir_lirc_transmit_ir(struct file *file, const char __user *buf,
  {
         struct lirc_fh *fh = file->private_data;
         struct rc_dev *dev = fh->rc;
-       unsigned int *txbuf = NULL;
+       unsigned int *txbuf;
         struct ir_raw_event *raw = NULL;
         ssize_t ret;
         size_t count;
@@ -246,14 +246,14 @@ static ssize_t ir_lirc_transmit_ir(struct file *file, const char __user *buf,
  
         if (!dev->registered) {
                 ret = -ENODEV;
-               goto out;
+               goto out_unlock;
         }
  
         start = ktime_get();
  
         if (!dev->tx_ir) {
                 ret = -EINVAL;
-               goto out;
+               goto out_unlock;
         }
  
         if (fh->send_mode == LIRC_MODE_SCANCODE) {
@@ -261,17 +261,17 @@ static ssize_t ir_lirc_transmit_ir(struct file *file, const char __user *buf,
  
                 if (n != sizeof(scan)) {
                         ret = -EINVAL;
-                       goto out;
+                       goto out_unlock;
                 }
  
                 if (copy_from_user(&scan, buf, sizeof(scan))) {
                         ret = -EFAULT;
-                       goto out;
+                       goto out_unlock;
                 }
  
                 if (scan.flags || scan.keycode || scan.timestamp) {
                         ret = -EINVAL;
-                       goto out;
+                       goto out_unlock;
                 }
  
                 /*
@@ -283,26 +283,26 @@ static ssize_t ir_lirc_transmit_ir(struct file *file, const char __user *buf,
                 if (scan.scancode > U32_MAX ||
                     !rc_validate_scancode(scan.rc_proto, scan.scancode)) {
                         ret = -EINVAL;
-                       goto out;
+                       goto out_unlock;
                 }
  
                 raw = kmalloc_array(LIRCBUF_SIZE, sizeof(*raw), GFP_KERNEL);
                 if (!raw) {
                         ret = -ENOMEM;
-                       goto out;
+                       goto out_unlock;
                 }
  
                 ret = ir_raw_encode_scancode(scan.rc_proto, scan.scancode,
                                              raw, LIRCBUF_SIZE);
                 if (ret < 0)
-                       goto out;
+                       goto out_kfree;
  
                 count = ret;
  
                 txbuf = kmalloc_array(count, sizeof(unsigned int), GFP_KERNEL);
                 if (!txbuf) {
                         ret = -ENOMEM;
-                       goto out;
+                       goto out_kfree;
                 }
  
                 for (i = 0; i < count; i++)
@@ -318,26 +318,26 @@ static ssize_t ir_lirc_transmit_ir(struct file *file, const char __user *buf,
         } else {
                 if (n < sizeof(unsigned int) || n % sizeof(unsigned int)) {
                         ret = -EINVAL;
-                       goto out;
+                       goto out_unlock;
                 }
  
                 count = n / sizeof(unsigned int);
                 if (count > LIRCBUF_SIZE || count % 2 == 0) {
                         ret = -EINVAL;
-                       goto out;
+                       goto out_unlock;
                 }
  
                 txbuf = memdup_user(buf, n);
                 if (IS_ERR(txbuf)) {
                         ret = PTR_ERR(txbuf);
-                       goto out;
+                       goto out_unlock;
                 }
         }
  
         for (i = 0; i < count; i++) {
                 if (txbuf[i] > IR_MAX_DURATION / 1000 - duration || !txbuf[i]) {
                         ret = -EINVAL;
-                       goto out;
+                       goto out_kfree;
                 }
  
                 duration += txbuf[i];
@@ -345,7 +345,7 @@ static ssize_t ir_lirc_transmit_ir(struct file *file, const char __user *buf,
  
         ret = dev->tx_ir(dev, txbuf, count);
         if (ret < 0)
-               goto out;
+               goto out_kfree;
  
         if (fh->send_mode == LIRC_MODE_SCANCODE) {
                 ret = n;
@@ -368,10 +368,11 @@ static ssize_t ir_lirc_transmit_ir(struct file *file, const char __user *buf,
                 schedule_timeout(usecs_to_jiffies(towait));
         }
  
-out:
-       mutex_unlock(&dev->lock);
+out_kfree:
         kfree(txbuf);
         kfree(raw);
+out_unlock:
+       mutex_unlock(&dev->lock);
         return ret;
  }
author	Sean Young <sean@mess.org>
	Wed, 13 Dec 2017 21:09:21 +0000 (16:09 -0500)
committer	Mauro Carvalho Chehab <mchehab@s-opensource.com>
	Mon, 18 Dec 2017 20:21:28 +0000 (15:21 -0500)