Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / 9024dd8df44f956ad432fb95638bf2afa7eb4073^! / . / arch / arm / mach-msm / ipc_router.c
commit9024dd8df44f956ad432fb95638bf2afa7eb4073[log] [tgz]
authorKarthikeyan Ramasubramanian <kramasub@codeaurora.org>Mon Dec 19 18:44:19 2011 -0700
committerKarthikeyan Ramasubramanian <kramasub@codeaurora.org>Mon Dec 19 23:33:47 2011 -0700
tree4fcf1b6736be43b375702c2bdc947e4788701c50
parentc3df07947a2e481dcd585286156ba94b09ed4fda [diff] [blame]
msm: ipc_router: Add NULL pointer checks

Perform sanity checks on the derefereced pointers to avoid NULL
pointer access.

Change-Id: Idb406c2ef7170019a49a66ea0631295e128ebc10
CRs-Fixed: 313382
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>

diff --git a/arch/arm/mach-msm/ipc_router.c b/arch/arm/mach-msm/ipc_router.c
index 8e9cc0f..15ea8ba 100644
--- a/arch/arm/mach-msm/ipc_router.c
+++ b/arch/arm/mach-msm/ipc_router.c

@@ -1183,7 +1183,15 @@
 	}
 
 	temp_ptr = skb_peek(pkt->pkt_fragment_q);
+	if (!temp_ptr) {
+		pr_err("%s: pkt_fragment_q is empty\n", __func__);
+		return -EINVAL;
+	}
 	hdr = (struct rr_header *)temp_ptr->data;
+	if (!hdr) {
+		pr_err("%s: No data inside the skb\n", __func__);
+		return -EINVAL;
+	}
 	msg = (union rr_control_msg *)((char *)hdr + IPC_ROUTER_HDR_SIZE);
 
 	switch (msg->cmd) {
@@ -1595,6 +1603,10 @@
 	}
 
 	head_skb = skb_peek(pkt->pkt_fragment_q);
+	if (!head_skb) {
+		pr_err("%s: pkt_fragment_q is empty\n", __func__);
+		return -EINVAL;
+	}
 	hdr = (struct rr_header *)skb_push(head_skb, IPC_ROUTER_HDR_SIZE);
 	if (!hdr) {
 		pr_err("%s: Prepend Header failed\n", __func__);
@@ -1642,6 +1654,10 @@
 		return -EINVAL;
 
 	head_skb = skb_peek(pkt->pkt_fragment_q);
+	if (!head_skb) {
+		pr_err("%s: pkt_fragment_q is empty\n", __func__);
+		return -EINVAL;
+	}
 	hdr = (struct rr_header *)skb_push(head_skb, IPC_ROUTER_HDR_SIZE);
 	if (!hdr) {
 		pr_err("%s: Prepend Header failed\n", __func__);