Patch to solve NULL pointer dereference in physmap_of.c

Message ID	85D877DD6EE67B4A9FCA9B9C3A4865670C3B018788@SI-MBX14.de.bosch.com
State	Accepted
Commit	e58a66d84bceba314b03e37ec0764b9b1b9227d0
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: "Prins Anton (ST-CO/ENG1.1)" <Anton.Prins@nl.bosch.com> To: "dedekind1@gmail.com" <dedekind1@gmail.com> Date: Wed, 5 Dec 2012 15:19:45 +0100 Subject: RE: Patch to solve NULL pointer dereference in physmap_of.c Thread-Topic: Patch to solve NULL pointer dereference in physmap_of.c Thread-Index: Ac3O8OFi0+tinBDNSVu5q2GB3fCdIgEAohgg Message-ID: <85D877DD6EE67B4A9FCA9B9C3A4865670C3B018788@SI-MBX14.de.bosch.com> References: <85D877DD6EE67B4A9FCA9B9C3A4865670C3ADE0635@SI-MBX14.de.bosch.com> <1353483740.2701.1.camel@sauron.fi.intel.com> <85D877DD6EE67B4A9FCA9B9C3A4865670C3AF1D4E4@SI-MBX14.de.bosch.com> <1354276262.30168.102.camel@sauron.fi.intel.com> In-Reply-To: <1354276262.30168.102.camel@sauron.fi.intel.com> Accept-Language: en-US Content-Language: en-US acceptlanguage: en-US MIME-Version: 1.0 summary: Content analysis details: (-6.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust [139.15.237.6 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] Cc: "linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org> Precedence: list Content-Type: multipart/mixed; boundary="===============6239796284427410227==" Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Message ID

85D877DD6EE67B4A9FCA9B9C3A4865670C3B018788@SI-MBX14.de.bosch.com

State

Accepted

Commit

e58a66d84bceba314b03e37ec0764b9b1b9227d0

Headers

From: "Prins Anton (ST-CO/ENG1.1)" <Anton.Prins@nl.bosch.com>
To: "dedekind1@gmail.com" <dedekind1@gmail.com>
Date: Wed, 5 Dec 2012 15:19:45 +0100
Subject: RE: Patch to solve NULL pointer dereference in physmap_of.c
Thread-Topic: Patch to solve NULL pointer dereference in physmap_of.c
Thread-Index: Ac3O8OFi0+tinBDNSVu5q2GB3fCdIgEAohgg
Message-ID: <85D877DD6EE67B4A9FCA9B9C3A4865670C3B018788@SI-MBX14.de.bosch.com>
References: <85D877DD6EE67B4A9FCA9B9C3A4865670C3ADE0635@SI-MBX14.de.bosch.com>
	<1353483740.2701.1.camel@sauron.fi.intel.com>
	<85D877DD6EE67B4A9FCA9B9C3A4865670C3AF1D4E4@SI-MBX14.de.bosch.com>
	<1354276262.30168.102.camel@sauron.fi.intel.com>
In-Reply-To: <1354276262.30168.102.camel@sauron.fi.intel.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
MIME-Version: 1.0
Cc: "linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>
Precedence: list
Content-Type: multipart/mixed;
	boundary="===============6239796284427410227=="
Sender: linux-mtd-bounces@lists.infradead.org
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Commit Message

Prins Anton (ST-CO/ENG1.1) Dec. 5, 2012, 2:19 p.m. UTC

Hi Artem,

Sorry I'm in a learning curve... now used 'git format-patch'.
This made it working for 'git am'; so hopefully this time its fine!

Artem, thanks for your support!

Met vriendelijke groeten | Best Regards, 
Anton Prins

>From 1f7a524dfd9b0c4b315651ebdab87938430048a9 Mon Sep 17 00:00:00 2001
From: Anton Prins <anton.prins@nl.bosch.com>
Date: Tue, 27 Nov 2012 16:38:16 +0100
Subject: [PATCH] mtd: maps/physmap_of.c: error checking to prevent a NULL pointer dereference

This patch solves a NULL pointer dereference, this may occur if the tuple
is not mappable (jumps to continue in the for-loop). Out of the loop
possible results are:
- info->list_size == 0  if no of the tuples is mappable
- info->list_size == 1
- info->list_size > 1
If no one of the supplied tuples is mappable (info->list_size == 0) and
info->cmtd will not be set. But it is used in mtd_device_parse_register, OOPS!
actually it should generate an error in this case!
---
 drivers/mtd/maps/physmap_of.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
index 2e6fb68..f6de444 100644
--- a/drivers/mtd/maps/physmap_of.c
+++ b/drivers/mtd/maps/physmap_of.c
@@ -268,6 +268,7 @@  static int __devinit of_flash_probe(struct platform_device *dev)
 	}
 
 	err = 0;
+	info->cmtd = NULL;
 	if (info->list_size == 1) {
 		info->cmtd = info->list[0].mtd;
 	} else if (info->list_size > 1) {
@@ -276,9 +277,10 @@  static int __devinit of_flash_probe(struct platform_device *dev)
 		 */
 		info->cmtd = mtd_concat_create(mtd_list, info->list_size,
 					       dev_name(&dev->dev));
-		if (info->cmtd == NULL)
-			err = -ENXIO;
 	}
+	if (info->cmtd == NULL)
+		err = -ENXIO;
+
 	if (err)
 		goto err_out;