From patchwork Fri Nov  9 07:45:24 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Patch to solve NULL pointer dereference in physmap_of.c
From: "Prins Anton \(ST-CO/ENG1.1\)" <Anton.Prins@nl.bosch.com>
X-Patchwork-Id: 197989
Message-Id: <85D877DD6EE67B4A9FCA9B9C3A4865670C3ADE0635@SI-MBX14.de.bosch.com>
To: "linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>
Date: Fri, 9 Nov 2012 08:45:24 +0100

commit 0905a6f4aec377123e94d2260f2f7a0d867e19be
Author: Anton Prins <anton.prins@nl.bosch.com>
Date:   Fri Nov 9 10:12:58 2012 +0100

    Correct error checking to prevent a NULL pointer dereference

    The problem only occurs if the DTS is not correct, the requested mapping is not reserved on the parent bus.
    In this special case the count is 1, but the list_size after mapping is 0. list_size 0 should generate an error!


diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
index 2e6fb68..83d121e 100644
--- a/drivers/mtd/maps/physmap_of.c
+++ b/drivers/mtd/maps/physmap_of.c
@@ -267,13 +267,14 @@ static int __devinit of_flash_probe(struct platform_device *dev)
                info->list[i].mtd->dev.parent = &dev->dev;
        }

-       err = 0;
        if (info->list_size == 1) {
+               err = 0;
                info->cmtd = info->list[0].mtd;
        } else if (info->list_size > 1) {
                /*
                 * We detected multiple devices. Concatenate them together.
                 */
+               err = 0;
                info->cmtd = mtd_concat_create(mtd_list, info->list_size,
                                               dev_name(&dev->dev));
                if (info->cmtd == NULL)