From 14e13b1ce92ea278fc0d7bb95b340b46cff624ab Mon Sep 17 00:00:00 2001
From: Colin Ian King <colin.king@canonical.com>
Date: Tue, 6 Apr 2021 17:40:02 +0100
Subject: [PATCH] regmap-irq: Fix dereference of a potentially null d->virt_buf

The clean up of struct d can potentiallly index into a null array
d->virt_buf causing errorenous pointer dereferencing issues on
kfree calls.  Fix this by adding a null check on d->virt_buf before
attempting to traverse the array to kfree the objects.

Addresses-Coverity: ("Dereference after null check")
Fixes: 4c5014456305 ("regmap-irq: Introduce virtual regs to handle more config regs")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20210406164002.430221-1-colin.king@canonical.com
Signed-off-by: Mark Brown <broonie@kernel.org>
---
 drivers/base/regmap/regmap-irq.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
index e6343ccc6aa1..760296a4b606 100644
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -901,9 +901,11 @@ err_alloc:
 	kfree(d->mask_buf);
 	kfree(d->status_buf);
 	kfree(d->status_reg_buf);
-	for (i = 0; i < chip->num_virt_regs; i++)
-		kfree(d->virt_buf[i]);
-	kfree(d->virt_buf);
+	if (d->virt_buf) {
+		for (i = 0; i < chip->num_virt_regs; i++)
+			kfree(d->virt_buf[i]);
+		kfree(d->virt_buf);
+	}
 	kfree(d);
 	return ret;
 }
-- 
2.11.0