ion: system_heap: Fix uninitialized sg-table usage

The table_sync sg-table is used uninitialized when nents_sync is zero. Fix it by only using it when it's allocated. Signed-off-by: Sultan Alsawaf <[email protected]> Change-Id: Ic3291d16482d6c341d2f846c0148d2edab8c1702
YumeMichi · Oct 8, 2021 · 7030448 · 7030448
1 parent bb81f27
commit 7030448
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c
@@ -435,11 +435,13 @@ static int ion_system_heap_allocate(struct ion_heap *heap,
 		ret = sg_alloc_table(&table_sync, nents_sync, GFP_KERNEL);
 		if (ret)
 			goto err_free_sg;
+		sg_sync = table_sync.sgl;
+	} else {
+		sg_sync = NULL;
 	}
 
 	i = 0;
 	sg = table->sgl;
-	sg_sync = table_sync.sgl;
 
 	/*
 	 * We now have two separate lists. One list contains pages from the
@@ -456,7 +458,8 @@ static int ion_system_heap_allocate(struct ion_heap *heap,
 				i = process_info(info, sg, sg_sync, &data, i);
 				free_info(info, info_onstack,
 					  ARRAY_SIZE(info_onstack));
-				sg_sync = sg_next(sg_sync);
+				if (sg_sync)
+					sg_sync = sg_next(sg_sync);
 			} else {
 				i = process_info(tmp_info, sg, 0, 0, i);
 				free_info(tmp_info, info_onstack,
@@ -465,7 +468,8 @@ static int ion_system_heap_allocate(struct ion_heap *heap,
 		} else if (info) {
 			i = process_info(info, sg, sg_sync, &data, i);
 			free_info(info, info_onstack, ARRAY_SIZE(info_onstack));
-			sg_sync = sg_next(sg_sync);
+			if (sg_sync)
+				sg_sync = sg_next(sg_sync);
 		} else if (tmp_info) {
 			i = process_info(tmp_info, sg, 0, 0, i);
 			free_info(tmp_info, info_onstack,