After the null check on md the code jumped to cmd_done, which then will dereference md in mmc_blk_put. This patch avoids the possible null pointer dereference in that case.
Signed-off-by: Philippe De Swert <[email protected]> --- drivers/mmc/card/block.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index b180965..4bed186 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -384,7 +384,7 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, md = mmc_blk_get(bdev->bd_disk); if (!md) { err = -EINVAL; - goto cmd_done; + goto cmd_err; } card = md->queue.card; @@ -483,6 +483,7 @@ cmd_rel_host: cmd_done: mmc_blk_put(md); +cmd_err: kfree(idata->buf); kfree(idata); return err; -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
