mmc: card: fix potential null dereference of 'idata'

When allocation of idata failed there was a null dereference. Also avoid
calling kfree where it isn't needed.

Signed-off-by: Vladimir Motyka <vladimir.motyka@gmail.com>
Signed-off-by: Chris Ball <cjb@laptop.org>

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index 407836d557126dc6c13a26a875bbd50128124f59..126c7f41c5a33a9702185b0b947f1dadf1fbef7e 100644 (file)
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -237,24 +237,24 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user(
        idata = kzalloc(sizeof(*idata), GFP_KERNEL);
        if (!idata) {
                err = -ENOMEM;
-               goto copy_err;
+               goto out;
        }
 
        if (copy_from_user(&idata->ic, user, sizeof(idata->ic))) {
                err = -EFAULT;
-               goto copy_err;
+               goto idata_err;
        }
 
        idata->buf_bytes = (u64) idata->ic.blksz * idata->ic.blocks;
        if (idata->buf_bytes > MMC_IOC_MAX_BYTES) {
                err = -EOVERFLOW;
-               goto copy_err;
+               goto idata_err;
        }
 
        idata->buf = kzalloc(idata->buf_bytes, GFP_KERNEL);
        if (!idata->buf) {
                err = -ENOMEM;
-               goto copy_err;
+               goto idata_err;
        }
 
        if (copy_from_user(idata->buf, (void __user *)(unsigned long)
@@ -267,9 +267,10 @@ static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user(
 
 copy_err:
        kfree(idata->buf);
+idata_err:
        kfree(idata);
+out:
        return ERR_PTR(err);
-
 }
 
 static int mmc_blk_ioctl_cmd(struct block_device *bdev,