From 56dcfa4e56c086fda8c42efadd0b0b3c2ab672f2 Mon Sep 17 00:00:00 2001 From: Alok Chauhan Date: Thu, 4 Jan 2024 13:04:36 +0530 Subject: [PATCH] msm: camera: tfe: Fix null pointer deference during acquire failure Fix null pointer deference during acquire failure for tfe bus composite group pointer. CRs-Fixed: 3696470 Signed-off-by: Alok Chauhan Change-Id: I20745c805dd29c65f179b27d388a60752c420d2d --- drivers/cam_isp/isp_hw_mgr/cam_tfe_hw_mgr.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/cam_isp/isp_hw_mgr/cam_tfe_hw_mgr.c b/drivers/cam_isp/isp_hw_mgr/cam_tfe_hw_mgr.c index cf7ebb9919..a31edcf78c 100644 --- a/drivers/cam_isp/isp_hw_mgr/cam_tfe_hw_mgr.c +++ b/drivers/cam_isp/isp_hw_mgr/cam_tfe_hw_mgr.c @@ -2475,13 +2475,15 @@ free_res: cam_tfe_hw_mgr_release_hw_for_ctx(tfe_ctx); tfe_ctx->ctx_in_use = 0; tfe_ctx->is_rdi_only_context = 0; - tfe_ctx->cdm_handle = 0; - tfe_ctx->cdm_ops = NULL; tfe_ctx->init_done = false; tfe_ctx->is_dual = false; free_cdm: cam_cdm_release(tfe_ctx->cdm_handle); + tfe_ctx->cdm_handle = 0; + tfe_ctx->cdm_ops = NULL; free_ctx: + kfree(tfe_ctx->tfe_bus_comp_grp); + tfe_ctx->tfe_bus_comp_grp = NULL; cam_tfe_hw_mgr_put_ctx(&tfe_hw_mgr->free_ctx_list, &tfe_ctx); if (in_port) { for (i = 0; i < acquire_hw_info->num_inputs; i++) { @@ -2492,8 +2494,6 @@ free_ctx: kfree(in_port); in_port = NULL; } - kfree(tfe_ctx->tfe_bus_comp_grp); - tfe_ctx->tfe_bus_comp_grp = NULL; err: /* Dump all the current acquired HW */ cam_tfe_hw_mgr_dump_all_ctx();