[PATCH] drivers:media:i2c:ov02a10.c: fix a potential use-after-put bug

[PATCH] drivers:media:i2c:ov02a10.c: fix a potential use-after-put bug

[Wentao_Liang]

In line 825 (#1), "fwnode_handle_put(ep);" drops the reference to ep
and may cause ep to be released. However, ep is subsequently used in
lines 831 (#3) by "ret = fwnode_property_read_u32(ep, "ovti,mipi-clock-
voltage", &clk_volt);". This may result in an use-after-put bug.

It can be fixed by removing "fwnode_handle_put(ep);" in line 825 (#1)
and call it respectively before the function returns (line 827, #2) and
after ep has been used again (line 831, #3).

 806 static int ov02a10_check_hwcfg(struct device *dev,
                              struct ov02a10 *ov02a10)
 807 {
 ...
 825     fwnode_handle_put(ep); //#1 Memory can be released.
 826     if (ret)
 827         return ret;
             //#2 One of the branch ways ends here.
	     //   Function returns.

 ...
 830     ret = fwnode_property_read_u32(ep, "ovti,mipi-clock-voltage",
 831                        &clk_volt);
			//#3 Use of memory after it may be freed.
 ...
 853     return ret;
 854 }

Signed-off-by: Wentao_Liang <Wentao_Liang_g@163.com>
---
 drivers/media/i2c/ov02a10.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/media/i2c/ov02a10.c b/drivers/media/i2c/ov02a10.c
index a3ce5500d355..1066a17e9cf8 100644
--- a/drivers/media/i2c/ov02a10.c
+++ b/drivers/media/i2c/ov02a10.c
@@ -822,13 +822,15 @@ static int ov02a10_check_hwcfg(struct device *dev, struct ov02a10 *ov02a10)
 		return -ENXIO;
 
 	ret = v4l2_fwnode_endpoint_alloc_parse(ep, &bus_cfg);
-	fwnode_handle_put(ep);
-	if (ret)
+	if (ret) {
+		fwnode_handle_put(ep);
 		return ret;
+	}
 
 	/* Optional indication of MIPI clock voltage unit */
 	ret = fwnode_property_read_u32(ep, "ovti,mipi-clock-voltage",
 				       &clk_volt);
+	fwnode_handle_put(ep);
 
 	if (!ret)
 		ov02a10->mipi_clock_voltage = clk_volt;
-- 
2.25.1