[U-Boot] cmd_nand: fix crashing bug in nand read/write

Submitted by Steve Sakoman on June 7, 2012, 5:19 p.m.

Details

Message ID 1339089558-22806-1-git-send-email-steve@sakoman.com
State Accepted
Commit 8d75c8964baa76d097edb4aa4b0474600f2998ba
Headers show

Commit Message

Steve Sakoman June 7, 2012, 5:19 p.m.
Commit 418396e212b59bf907dbccad997ff50f7eb61b16 introduced a
bug that causes nand read and nand write to crash in strcmp
due to a null pointer.

Root cause is that strchr(cmd, '.') returns a null pointer when
the input string does not contain a '.'

The strcmp function does not check for null pointers, resulting
in a crash.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 common/cmd_nand.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Scott Wood June 7, 2012, 5:27 p.m.
On 06/07/2012 12:19 PM, Steve Sakoman wrote:
> Commit 418396e212b59bf907dbccad997ff50f7eb61b16 introduced a
> bug that causes nand read and nand write to crash in strcmp
> due to a null pointer.
> 
> Root cause is that strchr(cmd, '.') returns a null pointer when
> the input string does not contain a '.'
> 
> The strcmp function does not check for null pointers, resulting
> in a crash.
> 
> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Applied to u-boot-nand-flash, thanks!

This was missed in testing because U-Boot on PowerPC unfortunately has a
valid mapping at NULL.

-Scott

Patch hide | download patch | download mbox

diff --git a/common/cmd_nand.c b/common/cmd_nand.c
index fa44295..a91ccf4 100644
--- a/common/cmd_nand.c
+++ b/common/cmd_nand.c
@@ -617,7 +617,7 @@  int do_nand(cmd_tbl_t * cmdtp, int flag, int argc, char * const argv[])
 
 		s = strchr(cmd, '.');
 
-		if (!strcmp(s, ".raw")) {
+		if (s && !strcmp(s, ".raw")) {
 			raw = 1;
 
 			if (arg_off(argv[3], &dev, &off, &size))