[PATCH] net/bnxt: fix a null dereference in cleanup label

Weiguo Li liwg06 at foxmail.com
Thu Feb 24 16:53:59 CET 2022

Previous message (by thread): [PATCH v3 2/2] efd: fix uninitialized structure
Next message (by thread): [PATCH] doc: fix modify field action description for mlx5
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fixes: a46bbb57605b4 ("net/bnxt: update multi device design")

In tf_session_create(), there is a case that with 'tfp->session' still
be NULL and run 'goto cleanup', which will leads to a null dereference
by 'tfp_free(tfp->session->core_data)' in the cleanup.

Signed-off-by: Weiguo Li <liwg06 at foxmail.com>
---
 drivers/net/bnxt/tf_core/tf_session.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/net/bnxt/tf_core/tf_session.c b/drivers/net/bnxt/tf_core/tf_session.c
index 9f849a0a76..c30c0e7029 100644
--- a/drivers/net/bnxt/tf_core/tf_session.c
+++ b/drivers/net/bnxt/tf_core/tf_session.c
@@ -230,10 +230,12 @@ tf_session_create(struct tf *tfp,
 			    "FW Session close failed, rc:%s\n",
 			    strerror(-rc));
 	}
+	if (tfp->session) {
+		tfp_free(tfp->session->core_data);
+		tfp_free(tfp->session);
+		tfp->session = NULL;
+	}
 
-	tfp_free(tfp->session->core_data);
-	tfp_free(tfp->session);
-	tfp->session = NULL;
 	return rc;
 }
 
-- 
2.25.1

Previous message (by thread): [PATCH v3 2/2] efd: fix uninitialized structure
Next message (by thread): [PATCH] doc: fix modify field action description for mlx5
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list