From: Thierry Reding <tred...@nvidia.com>
When a thermal zone is looked up by an ID and no zone is found matching
that ID, the thermal_zone_get_by_id() function will return a pointer to
the thermal zone list head which isn't actually a valid thermal zone.
This can lead to a subsequent crash because a valid pointer is returned
to the called, but dereferencing that pointer as struct thermal_zone is
not safe.
Fixes: 329b064fbd13 ("thermal: core: Get thermal zone by id")
Signed-off-by: Thierry Reding <tred...@nvidia.com>
---
drivers/thermal/thermal_core.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 007f9618e20a..9748fbb9a3a1 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -751,16 +751,18 @@ int for_each_thermal_zone(int (*cb)(struct
thermal_zone_device *, void *),
struct thermal_zone_device *thermal_zone_get_by_id(int id)
{
- struct thermal_zone_device *tz = NULL;
+ struct thermal_zone_device *tz, *match = NULL;
mutex_lock(&thermal_list_lock);
list_for_each_entry(tz, &thermal_tz_list, node) {
- if (tz->id == id)
+ if (tz->id == id) {
+ match = tz;
break;
+ }
}
mutex_unlock(&thermal_list_lock);
- return tz;
+ return match;
}
void thermal_zone_device_unbind_exception(struct thermal_zone_device *tz,
--
2.27.0
