drivers/dma: Eliminate a NULL pointer dereference

If td_desc is NULL, just skip both kfrees.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@r exists@
expression E,E1;
identifier f;
statement S1,S2,S3;
@@

if ((E == NULL && ...) || ...)
{
  ... when != if (...) S1 else S2
      when != E = E1
* E->f
  ... when any
  return ...;
}
else S3
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

diff --git a/drivers/dma/timb_dma.c b/drivers/dma/timb_dma.c
index 464fad58dae9d5f7baf166936fa7d5228f514447..2ec1ed56f20436d5e5d3df9e57f1f09f81297997 100644 (file)
--- a/drivers/dma/timb_dma.c
+++ b/drivers/dma/timb_dma.c
@@ -382,7 +382,7 @@ static struct timb_dma_desc *td_alloc_init_desc(struct timb_dma_chan *td_chan)
        td_desc = kzalloc(sizeof(struct timb_dma_desc), GFP_KERNEL);
        if (!td_desc) {
                dev_err(chan2dev(chan), "Failed to alloc descriptor\n");
-               goto err;
+               goto out;
        }
 
        td_desc->desc_list_len = td_chan->desc_elems * TIMB_DMA_DESC_SIZE;
@@ -410,7 +410,7 @@ static struct timb_dma_desc *td_alloc_init_desc(struct timb_dma_chan *td_chan)
 err:
        kfree(td_desc->desc_list);
        kfree(td_desc);
-
+out:
        return NULL;
 
 }