diff mbox series

pinctrl: renesas:fix possible null pointer dereference struct pinmux_range *

Message ID 20210207150736.24382-1-alex_luca@163.com
State New
Series pinctrl: renesas:fix possible null pointer dereference struct pinmux_range *

Commit Message

Alex Feb. 7, 2021, 3:07 p.m. UTC
From: Zhang Kun <zhangkun@cdjrlc.com>

The parameters of sh_pfc_enum_in_range() pinmux_range *r should be checked
first for possible null pointer, especially when PINMUX_TYPE_FUNCTION as the
pinmux_type was passed by sh_pfc_config_mux().

Signed-off-by: Zhang Kun <zhangkun@cdjrlc.com>
---
 drivers/pinctrl/renesas/core.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Geert Uytterhoeven Feb. 9, 2021, 2:12 p.m. UTC | #1
Hi Alex,

Thanks for your patch!

On Sun, Feb 7, 2021 at 4:08 PM <alex_luca@163.com> wrote:
> From: Zhang Kun <zhangkun@cdjrlc.com>
>
> The parameters of sh_pfc_enum_in_range() pinmux_range *r should be checked
> first for possible null pointer, especially when PINMUX_TYPE_FUNCTION as the
> pinmux_type was passed by sh_pfc_config_mux().

If pinmux_type in sh_pfc_config_mux() is PINMUX_TYPE_FUNCTION or
PINMUX_TYPE_GPIO, range is indeed NULL.
But as the call

    in_range = sh_pfc_enum_in_range(enum_id, range);

is not done in case of these pinmux types, I don't see where the
problem is.  What am I missing?

> Signed-off-by: Zhang Kun <zhangkun@cdjrlc.com>

As you picked up a patch from Zhang, you should add your own SoB here.

> --- a/drivers/pinctrl/renesas/core.c
> +++ b/drivers/pinctrl/renesas/core.c
> @@ -128,6 +128,9 @@ int sh_pfc_get_pin_index(struct sh_pfc *pfc, unsigned int pin)
>
>  static int sh_pfc_enum_in_range(u16 enum_id, const struct pinmux_range *r)
>  {
> +       if (!r)
> +               return 0;
> +
>         if (enum_id < r->begin)
>                 return 0;
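
Review bot: the early `return 0` added at the top of sh_pfc_enum_in_range() makes a NULL `r` look the same to the caller as an enum_id that lies outside the range, so a caller that passed NULL by mistake would go unnoticed. If NULL is not a valid argument here, the check is not needed; if it is meant to be valid, say so in a comment above the `if (!r)` line.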

Gr{oetje,eeting}s,

                        Geert

Alex Feb. 9, 2021, 2:26 p.m. UTC | #2
On 2/9/21 10:12 PM, Geert Uytterhoeven wrote:
> Hi Alex,
> 
> Thanks for your patch!
> 
> On Sun, Feb 7, 2021 at 4:08 PM <alex_luca@163.com> wrote:
>> From: Zhang Kun <zhangkun@cdjrlc.com>
>>
>> The parameters of sh_pfc_enum_in_range() pinmux_range *r should be checked
>> first for possible null pointer, especially when PINMUX_TYPE_FUNCTION as the
>> pinmux_type was passed by sh_pfc_config_mux().
> 
> If pinmux_type in sh_pfc_config_mux() is PINMUX_TYPE_FUNCTION or
> PINMUX_TYPE_GPIO, range is indeed NULL.
> But as the call
> 
>     in_range = sh_pfc_enum_in_range(enum_id, range);
> 
> is not done in case of these pinmux types, I don't see where the
> problem is.  What am I missing?
> 

Oh, you are right. I think I know what I missed.
Thank you.

Alex
Patch

diff --git a/drivers/pinctrl/renesas/core.c b/drivers/pinctrl/renesas/core.c
index 2cc457279345..40bbc8366668 100644
--- a/drivers/pinctrl/renesas/core.c
+++ b/drivers/pinctrl/renesas/core.c
@@ -128,6 +128,9 @@  int sh_pfc_get_pin_index(struct sh_pfc *pfc, unsigned int pin)
 
 static int sh_pfc_enum_in_range(u16 enum_id, const struct pinmux_range *r)
 {
+	if (!r)
+		return 0;
+
 	if (enum_id < r->begin)
 		return 0;