From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753497AbdJUA76 (ORCPT <rfc822;w@1wt.eu>);
        Fri, 20 Oct 2017 20:59:58 -0400
Received: from mail-it0-f65.google.com ([209.85.214.65]:47000 "EHLO
        mail-it0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753167AbdJUA7O (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 20 Oct 2017 20:59:14 -0400
X-Google-Smtp-Source: ABhQp+Rwzh3hOCDxd4I56DzxCR+a9R8pqwCNyZThf1r+15FxMsK6L8uwtOvVH0WOCNjkVGu2GmFRFg==
From: Sherry Yang <sherryy@android.com>
To: linux-kernel@vger.kernel.org
Cc: tkjos@google.com, maco@google.com, Sherry Yang <sherryy@android.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        =?UTF-8?q?Arve=20Hj=C3=B8nnev=C3=A5g?= <arve@android.com>,
        Riley Andrews <riandrews@android.com>,
        devel@driverdev.osuosl.org (open list:ANDROID DRIVERS)
Subject: [PATCH v2 2/4] android: binder: Fix null ptr dereference in debug msg
Date: Fri, 20 Oct 2017 20:58:59 -0400
Message-Id: <20171021005902.59586-3-sherryy@android.com>
X-Mailer: git-send-email 2.11.0 (Apple Git-81)
In-Reply-To: <20171021005902.59586-1-sherryy@android.com>
References: <20171021005902.59586-1-sherryy@android.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Don't access next->data in kernel debug message when the
next buffer is null.

Acked-by: Arve Hjønnevåg <arve@android.com>
Signed-off-by: Sherry Yang <sherryy@android.com>
---
 drivers/android/binder_alloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index e12072b1d507..c2819a3d58a6 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -560,7 +560,7 @@ static void binder_delete_free_buffer(struct binder_alloc *alloc,
 		binder_alloc_debug(BINDER_DEBUG_BUFFER_ALLOC,
 				   "%d: merge free, buffer %pK do not share page with %pK or %pK\n",
 				   alloc->pid, buffer->data,
-				   prev->data, next->data);
+				   prev->data, next ? next->data : NULL);
 		binder_update_page_range(alloc, 0, buffer_start_page(buffer),
 					 buffer_start_page(buffer) + PAGE_SIZE,
 					 NULL);
-- 
2.11.0 (Apple Git-81)