From: Thierry Reding <tred...@nvidia.com> When a thermal zone is looked up by an ID and no zone is found matching that ID, the thermal_zone_get_by_id() function will return a pointer to the thermal zone list head which isn't actually a valid thermal zone.
This can lead to a subsequent crash because a valid pointer is returned to the called, but dereferencing that pointer as struct thermal_zone is not safe. Fixes: 329b064fbd13 ("thermal: core: Get thermal zone by id") Signed-off-by: Thierry Reding <tred...@nvidia.com> --- drivers/thermal/thermal_core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c index 007f9618e20a..9748fbb9a3a1 100644 --- a/drivers/thermal/thermal_core.c +++ b/drivers/thermal/thermal_core.c @@ -751,16 +751,18 @@ int for_each_thermal_zone(int (*cb)(struct thermal_zone_device *, void *), struct thermal_zone_device *thermal_zone_get_by_id(int id) { - struct thermal_zone_device *tz = NULL; + struct thermal_zone_device *tz, *match = NULL; mutex_lock(&thermal_list_lock); list_for_each_entry(tz, &thermal_tz_list, node) { - if (tz->id == id) + if (tz->id == id) { + match = tz; break; + } } mutex_unlock(&thermal_list_lock); - return tz; + return match; } void thermal_zone_device_unbind_exception(struct thermal_zone_device *tz, -- 2.27.0