mmc: card: Avoid null pointer dereference

After the null check on md the code jumped to cmd_done, which then
will dereference md in mmc_blk_put. This patch avoids the possible
null pointer dereference in that case.

Signed-off-by: Philippe De Swert <philippedeswert@gmail.com>
Reviewed-by: Namjae Jeon <linkinjeon@gmail.com>
Signed-off-by: Chris Ball <cjb@laptop.org>

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index c6b3bf9..71db040 100644 (file)
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -319,7 +319,7 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev,
        md = mmc_blk_get(bdev->bd_disk);
        if (!md) {
                err = -EINVAL;
        md = mmc_blk_get(bdev->bd_disk);
        if (!md) {
                err = -EINVAL;

-               goto cmd_done;
+               goto cmd_err;

        }
 
        card = md->queue.card;
        }
 
        card = md->queue.card;


@@ -418,6 +418,7 @@ cmd_rel_host:
 
 cmd_done:
        mmc_blk_put(md);
 
 cmd_done:
        mmc_blk_put(md);

+cmd_err:

        kfree(idata->buf);
        kfree(idata);
        return err;
        kfree(idata->buf);
        kfree(idata);
        return err;