video: tegra: nvmap: Fix security issue in NVMAP_IOC_PARAM

Initialized the uninitialized variables and handled return status
from nvmap_get_handle_param.

Bug 1884311
Bug 1820242

Change-Id: I2390c859d2b2af39eaff44749ca64e60920fe944
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1259560
Reviewed-on: http://git-master/r/1489707
GVS: Gerrit_Virtual_Submit
Tested-by: Sumit Gupta <sumitg@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>

1 files changed, 6 insertions, 3 deletions

diff --git a/drivers/video/tegra/nvmap/nvmap_ioctl.c b/drivers/video/tegra/nvmap/nvmap_ioctl.c
index 27db8f6799af..98b9c78f278b 100644
--- a/drivers/video/tegra/nvmap/nvmap_ioctl.c
+++ b/drivers/video/tegra/nvmap/nvmap_ioctl.c
@@ -454,9 +454,9 @@ int nvmap_ioctl_get_param(struct file *filp, void __user *arg, bool is32)
 	struct nvmap_handle_param __user *uarg = arg;
 	struct nvmap_handle_param op;
 	struct nvmap_client *client = filp->private_data;
-	struct nvmap_handle_ref *ref;
-	struct nvmap_handle *h;
-	u64 result;
+	struct nvmap_handle_ref *ref = NULL;
+	struct nvmap_handle *h = NULL;
+	u64 result = 0;
 	int err = 0;
 
 #ifdef CONFIG_COMPAT
@@ -482,6 +482,9 @@ int nvmap_ioctl_get_param(struct file *filp, void __user *arg, bool is32)
 	}
 
 	err = nvmap_get_handle_param(client, ref, op.param, &result);
+	if (err) {
+		goto ref_fail;
+	}
 
 #ifdef CONFIG_COMPAT
 	if (is32)