From f804586860944d5d7f88fa0f12326aef97ccdf00 Mon Sep 17 00:00:00 2001 From: Srinivas Marka Date: Fri, 17 May 2024 11:35:22 +0530 Subject: [PATCH] asoc: mbhc: avoid null pointer derefrence fix to avoid null pointer dereference by checking for the structure to be non-null, in below functions wcd9378_mbhc_post_ssr_init of wcd9378-mbhc and interpolate_zdet_val, usbcss_sysfs_store of wcd939x-mbhc. Change-Id: I37979f969786c5490e1964913ad61123a4e09006 Signed-off-by: Srinivas Marka --- asoc/codecs/wcd9378/wcd9378-mbhc.c | 18 ++++++++++++++---- asoc/codecs/wcd939x/wcd939x-mbhc.c | 17 +++++++++++++---- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/asoc/codecs/wcd9378/wcd9378-mbhc.c b/asoc/codecs/wcd9378/wcd9378-mbhc.c index 1c0e2e4a3f..59902ec494 100644 --- a/asoc/codecs/wcd9378/wcd9378-mbhc.c +++ b/asoc/codecs/wcd9378/wcd9378-mbhc.c @@ -1036,8 +1036,7 @@ int wcd9378_mbhc_post_ssr_init(struct wcd9378_mbhc *mbhc, { int ret = 0; struct wcd_mbhc *wcd_mbhc = NULL; - struct wcd9378_priv *wcd9378 = - dev_get_drvdata(component->dev); + struct wcd9378_priv *wcd9378 = NULL; if (!mbhc || !component) return -EINVAL; @@ -1048,6 +1047,12 @@ int wcd9378_mbhc_post_ssr_init(struct wcd9378_mbhc *mbhc, return -EINVAL; } + wcd9378 = dev_get_drvdata(component->dev); + if (wcd9378 == NULL) { + pr_err("%s: wcd9378 is NULL\n", __func__); + return -EINVAL; + } + /* Reset detection type to insertion after SSR recovery */ snd_soc_component_update_bits(component, WCD9378_ANA_MBHC_MECH, 0x20, 0x20); @@ -1088,14 +1093,19 @@ int wcd9378_mbhc_init(struct wcd9378_mbhc **mbhc, struct wcd_mbhc *wcd_mbhc = NULL; int ret = 0; struct wcd9378_pdata *pdata; - struct wcd9378_priv *wcd9378 = - dev_get_drvdata(component->dev); + struct wcd9378_priv *wcd9378 = NULL; if (!component) { pr_err("%s: component is NULL\n", __func__); return -EINVAL; } + wcd9378 = dev_get_drvdata(component->dev); + if (!wcd9378) { + pr_err("%s: wcd9378 is NULL\n", __func__); + return -EINVAL; + } + wcd9378_mbhc = devm_kzalloc(component->dev, sizeof(struct wcd9378_mbhc), GFP_KERNEL); if (!wcd9378_mbhc) diff --git a/asoc/codecs/wcd939x/wcd939x-mbhc.c b/asoc/codecs/wcd939x/wcd939x-mbhc.c index b2b6a1090b..baed5dda70 100644 --- a/asoc/codecs/wcd939x/wcd939x-mbhc.c +++ b/asoc/codecs/wcd939x/wcd939x-mbhc.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. - * Copyright (c) 2022-2023, Qualcomm Innovation Center, Inc. All rights reserved. + * Copyright (c) 2022-2024, Qualcomm Innovation Center, Inc. All rights reserved. */ #include #include @@ -836,6 +836,9 @@ static void interpolate_zdet_val(uint32_t *z, s64 z_meas_bias_removed, s64 z_val { s64 lb_to_z = 0, lb_to_ub = 0, z_to_ub = 0, lb_corr = 0, ub_corr = 0, z_interp = 0; + if (lb < 0) + return; + /* If lb is the table upper bound, no interpolation needed, just use the lb corr factor */ if ((lb + 1) >= ARRAY_SIZE(zdet_dnl_table)) { z_interp = (s64) ((flag_se_diff) ? (zdet_dnl_table[lb].diff_corr_mohms) : @@ -977,10 +980,16 @@ static ssize_t usbcss_sysfs_store(struct kobject *kobj, struct kobj_attribute *a bool update_xtalk = false, update_linearizer = false; usbc_attr = container_of(attr, struct usbcss_hs_attr, attr); - wcd939x = usbc_attr->priv; - pdata = dev_get_platdata(wcd939x->dev); + if (!usbc_attr) + return -EINVAL; - if (!wcd939x || !pdata) + wcd939x = usbc_attr->priv; + + if (!wcd939x) + return -EINVAL; + + pdata = dev_get_platdata(wcd939x->dev); + if (!pdata) return -EINVAL; usbcss_hs = &pdata->usbcss_hs;