Patchwork [U-Boot] cmd_nand: fix crashing bug in nand read/write

login
register
mail settings
Submitter Steve Sakoman
Date June 7, 2012, 5:19 p.m.
Message ID <1339089558-22806-1-git-send-email-steve@sakoman.com>
Download mbox | patch
Permalink /patch/163652/
State Accepted
Commit 8d75c8964baa76d097edb4aa4b0474600f2998ba
Headers show

Comments

Steve Sakoman - June 7, 2012, 5:19 p.m.
Commit 418396e212b59bf907dbccad997ff50f7eb61b16 introduced a
bug that causes nand read and nand write to crash in strcmp
due to a null pointer.

Root cause is that strchr(cmd, '.') returns a null pointer when
the input string does not contain a '.'

The strcmp function does not check for null pointers, resulting
in a crash.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 common/cmd_nand.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Scott Wood - June 7, 2012, 5:27 p.m.
On 06/07/2012 12:19 PM, Steve Sakoman wrote:
> Commit 418396e212b59bf907dbccad997ff50f7eb61b16 introduced a
> bug that causes nand read and nand write to crash in strcmp
> due to a null pointer.
> 
> Root cause is that strchr(cmd, '.') returns a null pointer when
> the input string does not contain a '.'
> 
> The strcmp function does not check for null pointers, resulting
> in a crash.
> 
> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Applied to u-boot-nand-flash, thanks!

This was missed in testing because U-Boot on PowerPC unfortunately has a
valid mapping at NULL.

-Scott

Patch

diff --git a/common/cmd_nand.c b/common/cmd_nand.c
index fa44295..a91ccf4 100644
--- a/common/cmd_nand.c
+++ b/common/cmd_nand.c
@@ -617,7 +617,7 @@  int do_nand(cmd_tbl_t * cmdtp, int flag, int argc, char * const argv[])
 
 		s = strchr(cmd, '.');
 
-		if (!strcmp(s, ".raw")) {
+		if (s && !strcmp(s, ".raw")) {
 			raw = 1;
 
 			if (arg_off(argv[3], &dev, &off, &size))