From 7bdd9695970eb8cd5b987e08f99cb8f0c84f30fd Mon Sep 17 00:00:00 2001 From: Jia-Ju Bai Date: Wed, 24 Jul 2019 17:04:26 +0800 Subject: char: ppdev: Fix a possible null-pointer dereference in pp_release() In pp_release(), there is an if statement on line 730 to check whether pp->pdev is NULL: else if ((pp->flags & PP_CLAIMED) && pp->pdev && ...) When pp->pdev is NULL, it is used on line 743: info = &pp->pdev->port->ieee1284; and on line 748: parport_release(pp->pdev); Thus, a possible null-pointer dereference may occur. To fix this bug, pp->pdev is checked on line 740. This bug is found by a static analysis tool STCheck written by us. Signed-off-by: Jia-Ju Bai Link: https://lore.kernel.org/r/20190724090426.1401-1-baijiaju1990@gmail.com Signed-off-by: Greg Kroah-Hartman --- drivers/char/ppdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/char') diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c index f0a8adca1eee..c86f18aa8985 100644 --- a/drivers/char/ppdev.c +++ b/drivers/char/ppdev.c @@ -737,7 +737,7 @@ static int pp_release(struct inode *inode, struct file *file) "negotiated back to compatibility mode because user-space forgot\n"); } - if (pp->flags & PP_CLAIMED) { + if ((pp->flags & PP_CLAIMED) && pp->pdev) { struct ieee1284_info *info; info = &pp->pdev->port->ieee1284; -- cgit v1.2.3
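Review bot: The added `&& pp->pdev` test on the `if (pp->flags & PP_CLAIMED)` line silently skips the whole release block when the flag is set but `pp->pdev` is NULL, and the commit message does not say whether that state can occur at run time; it only calls the dereference "possible" on the strength of a static analysis report. If PP_CLAIMED can only be set once a device is registered, the check is redundant, and a short comment or a WARN_ON_ONCE stating that invariant would serve readers better than a quiet skip. If the state is reachable, the message should describe the path that leads to it, and it is worth confirming that nothing in the skipped block, which according to the message includes `parport_release(pp->pdev)`, is still needed for cleanup in that case. The message also refers to lines 730, 740, 743 and 748, which go stale as the file changes; the quoted statements alone are enough to locate the code.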