diff options
| author | Robertus Diawan Chris <robertusdchris@gmail.com> | 2026-05-19 05:05:28 +0300 |
|---|---|---|
| committer | Jens Wiklander <jens.wiklander@linaro.org> | 2026-05-20 10:22:52 +0300 |
| commit | 471c18323dfdfe7844e193b896a9267ae23a1026 (patch) | |
| tree | 8843c6ae399152dea7b89cf4219037f4677dc9a4 | |
| parent | 028ef9c96e96197026887c0f092424679298aae8 (diff) | |
| download | linux-471c18323dfdfe7844e193b896a9267ae23a1026.tar.xz | |
tee: qcomtee: add missing va_end in early return qcomtee_object_user_init()
qcomtee_object_user_init() is a variadic function and when the function
return because there's no dispatch callback in QCOMTEE_OBJECT_TYPE_CB
case, there's no va_end to cleanup "ap" object initialized by va_start
and that can cause undefined behavior. So make sure to use va_end before
returning the error code when there's no dispatch callback.
This is reported by Coverity Scan as "Missing varargs init or cleanup".
Fixes: d6e290837e50 ("tee: add Qualcomm TEE driver")
Signed-off-by: Robertus Diawan Chris <robertusdchris@gmail.com>
Reviewed-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
| -rw-r--r-- | drivers/tee/qcomtee/core.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/drivers/tee/qcomtee/core.c b/drivers/tee/qcomtee/core.c index b1cb50e434f0..60fe3b5776e3 100644 --- a/drivers/tee/qcomtee/core.c +++ b/drivers/tee/qcomtee/core.c @@ -306,8 +306,10 @@ int qcomtee_object_user_init(struct qcomtee_object *object, break; case QCOMTEE_OBJECT_TYPE_CB: object->ops = ops; - if (!object->ops->dispatch) - return -EINVAL; + if (!object->ops->dispatch) { + ret = -EINVAL; + break; + } /* If failed, "no-name". */ object->name = kvasprintf_const(GFP_KERNEL, fmt, ap); |
