video: tegra: nvmap: Fix security issue in NVMAP_IOC_PARAM

Initialized the uninitialized variables and handled return status from nvmap_get_handle_param. Bug 1884311 Bug 1820242 Change-Id: I2390c859d2b2af39eaff44749ca64e60920fe944 Signed-off-by: Gagan Grover <ggrover@nvidia.com> Reviewed-on: http://git-master/r/1259560 Reviewed-on: http://git-master/r/1489707 GVS: Gerrit_Virtual_Submit Tested-by: Sumit Gupta <sumitg@nvidia.com> Reviewed-by: Bibek Basu <bbasu@nvidia.com>
author: Gagan Grover <ggrover@nvidia.com> 2016-11-24 16:58:49 +0530
committer: Winnie Hsu <whsu@nvidia.com> 2017-05-26 14:04:17 -0700
commit: 642ec539ddab846143db87673ace653d09c75e05 (patch)
tree: 595df62fc58800e8cff328d436b42efc4e8c61b8
parent: ea316a2ba8c8504069b73b8782a5ca3e34283a9e (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/drivers/video/tegra/nvmap/nvmap_ioctl.c b/drivers/video/tegra/nvmap/nvmap_ioctl.c
index 27db8f6799af..98b9c78f278b 100644
--- a/drivers/video/tegra/nvmap/nvmap_ioctl.c
+++ b/drivers/video/tegra/nvmap/nvmap_ioctl.c
@@ -454,9 +454,9 @@ int nvmap_ioctl_get_param(struct file *filp, void __user *arg, bool is32)
 	struct nvmap_handle_param __user *uarg = arg;
 	struct nvmap_handle_param op;
 	struct nvmap_client *client = filp->private_data;
-	struct nvmap_handle_ref *ref;
-	struct nvmap_handle *h;
-	u64 result;
+	struct nvmap_handle_ref *ref = NULL;
+	struct nvmap_handle *h = NULL;
+	u64 result = 0;
 	int err = 0;
 
 #ifdef CONFIG_COMPAT
@@ -482,6 +482,9 @@ int nvmap_ioctl_get_param(struct file *filp, void __user *arg, bool is32)
 	}
 
 	err = nvmap_get_handle_param(client, ref, op.param, &result);
+	if (err) {
+		goto ref_fail;
+	}
 
 #ifdef CONFIG_COMPAT
 	if (is32)
author	Gagan Grover <ggrover@nvidia.com>	2016-11-24 16:58:49 +0530
committer	Winnie Hsu <whsu@nvidia.com>	2017-05-26 14:04:17 -0700
commit	642ec539ddab846143db87673ace653d09c75e05 (patch)
tree	595df62fc58800e8cff328d436b42efc4e8c61b8
parent	ea316a2ba8c8504069b73b8782a5ca3e34283a9e (diff)