From patchwork Fri Nov 9 07:45:24 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Prins Anton (ST-CO/ENG1.1)" X-Patchwork-Id: 197989 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:4978:20e::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id C94482C00E1 for ; Fri, 9 Nov 2012 18:57:08 +1100 (EST) Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.76 #1 (Red Hat Linux)) id 1TWjQC-0006Yw-KT; Fri, 09 Nov 2012 07:54:36 +0000 Received: from imta22.fe.bosch.de ([139.15.243.26]) by merlin.infradead.org with esmtps (Exim 4.76 #1 (Red Hat Linux)) id 1TWjQ9-0006Xp-LW for linux-mtd@lists.infradead.org; Fri, 09 Nov 2012 07:54:35 +0000 Received: from smtp2-v.fe.bosch.de (imta24.fe.bosch.de [139.15.243.27]) by imta22.fe.bosch.de (Postfix) with ESMTP id AA0821E4061A for ; Fri, 9 Nov 2012 08:45:47 +0100 (CET) Received: from vsmta11.fe.internet.bosch.com (unknown [10.4.98.51]) by imta24.fe.bosch.de (Postfix) with ESMTP id 206EAB0020E for ; Fri, 9 Nov 2012 08:45:38 +0100 (CET) Received: from localhost (vsgw4.fe.internet.bosch.com [10.4.98.12]) by vsmta11.fe.internet.bosch.com (Postfix) with SMTP id BB78343C025F for ; Fri, 9 Nov 2012 08:45:21 +0100 (CET) Received: from SI-MBX14.de.bosch.com ([10.3.153.115]) by si-hub06.de.bosch.com ([10.3.153.48]) with mapi; Fri, 9 Nov 2012 08:45:26 +0100 From: "Prins Anton (ST-CO/ENG1.1)" To: "linux-mtd@lists.infradead.org" Date: Fri, 9 Nov 2012 08:45:24 +0100 Subject: Patch to solve NULL pointer dereference in physmap_of.c Thread-Topic: Patch to solve NULL pointer dereference in physmap_of.c Thread-Index: Ac2+Ti3AQTOZCG6ARsSUypVERh5JVA== Message-ID: <85D877DD6EE67B4A9FCA9B9C3A4865670C3ADE0635@SI-MBX14.de.bosch.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20121109_025433_869733_355E530E X-CRM114-Status: UNSURE ( 7.82 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -6.9 (------) X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary: Content analysis details: (-6.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust [139.15.243.26 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org commit 0905a6f4aec377123e94d2260f2f7a0d867e19be Author: Anton Prins Date: Fri Nov 9 10:12:58 2012 +0100 Correct error checking to prevent a NULL pointer dereference The problem only occurs if the DTS is not correct, the requested mapping is not reserved on the parent bus. In this special case the count is 1, but the list_size after mapping is 0. list_size 0 should generate an error! diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c index 2e6fb68..83d121e 100644 --- a/drivers/mtd/maps/physmap_of.c +++ b/drivers/mtd/maps/physmap_of.c @@ -267,13 +267,14 @@ static int __devinit of_flash_probe(struct platform_device *dev) info->list[i].mtd->dev.parent = &dev->dev; } - err = 0; if (info->list_size == 1) { + err = 0; info->cmtd = info->list[0].mtd; } else if (info->list_size > 1) { /* * We detected multiple devices. Concatenate them together. */ + err = 0; info->cmtd = mtd_concat_create(mtd_list, info->list_size, dev_name(&dev->dev)); if (info->cmtd == NULL)