diff mbox

mtd: nand: Fixed null pointer dereference.

Message ID 1300286875-21426-1-git-send-email-maarten@treewalker.org
State Superseded
Headers show

Commit Message

Maarten ter Huurne March 16, 2011, 2:47 p.m. UTC 
The "bd" argument of verify_bbt_descr() was dereferenced before it was checked for NULL.

Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
---
 drivers/mtd/nand/nand_bbt.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

Comments

Artem Bityutskiy March 31, 2011, 12:07 p.m. UTC | #1 
On Wed, 2011-03-16 at 15:47 +0100, Maarten ter Huurne wrote:
> The "bd" argument of verify_bbt_descr() was dereferenced before it was checked for NULL.
> 
> Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>

Hi, this was fixed in upstream already by another person.
diff mbox

Patch

diff --git a/drivers/mtd/nand/nand_bbt.c b/drivers/mtd/nand/nand_bbt.c
index 6ebd869..fc05f51 100644
--- a/drivers/mtd/nand/nand_bbt.c
+++ b/drivers/mtd/nand/nand_bbt.c
@@ -1101,12 +1101,14 @@  static void mark_bbt_region(struct mtd_info *mtd, struct nand_bbt_descr *td)
 static void verify_bbt_descr(struct mtd_info *mtd, struct nand_bbt_descr *bd)
 {
 	struct nand_chip *this = mtd->priv;
-	u32 pattern_len = bd->len;
-	u32 bits = bd->options & NAND_BBT_NRBITS_MSK;
-	u32 table_size;
+	u32 pattern_len, bits, table_size;
 
 	if (!bd)
 		return;
+
+	pattern_len = bd->len;
+	bits = bd->options & NAND_BBT_NRBITS_MSK;
+
 	BUG_ON((this->options & NAND_USE_FLASH_BBT_NO_OOB) &&
 			!(this->options & NAND_USE_FLASH_BBT));
 	BUG_ON(!bits);