On 1/16/2026 4:43 AM, Dmitry Baryshkov wrote:
> On Thu, Jan 15, 2026 at 04:28:48PM +0800, Jianping Li wrote:
>> From: Ekansh Gupta <[email protected]>
>>
>> The fastrpc_buf_free function currently does not handle the case where
>> the input buffer pointer (buf) is NULL. This can lead to a null pointer
>> dereference, causing a crash or undefined behavior when the function
>> attempts to access members of the buf structure. Add a NULL check to
>> ensure safe handling of NULL pointers and prevent potential crashes.
>
> When does it happen? Do you have a backtrace or is it a safety coding?
> Do you pass NULL buffer pointers to the function?
>
> Thanks, Dmitry.

Yes, this change is mainly for safety-coding purposes.

This is reachable during remove/deinit sequences when a buffer was
never allocated or allocation failed part-way and cleanup proceeds.

It's safety coding: to eliminate NULL checks on the caller side, as
we do in a lot of other kernel APIs.

At the same time, there is a possibility that this buffer is passed as NULL,
and during verification, this can cause the kernel to crash.

The patch makes fastrpc_buf_free() NULL-tolerant and simplifies callers
by removing duplicated if (ptr) checks, reducing the chance of future
omissions.

>> Fixes: c68cfb718c8f9 ("misc: fastrpc: Add support for context Invoke method")
>> Cc: [email protected]
>> Co-developed-by: Ekansh Gupta <[email protected]>
>> Signed-off-by: Ekansh Gupta <[email protected]>
>> Signed-off-by: Jianping Li <[email protected]>
>> ---
>>  drivers/misc/fastrpc.c | 12 ++++++------
>>  1 file changed, 6 insertions(+), 6 deletions(-)