Patchwork Patch to solve NULL pointer dereference in physmap_of.c

login
register
mail settings
Submitter Prins Anton (ST-CO/ENG1.1)
Date Dec. 5, 2012, 2:19 p.m.
Message ID <85D877DD6EE67B4A9FCA9B9C3A4865670C3B018788@SI-MBX14.de.bosch.com>
Download mbox | patch
Permalink /patch/203879/
State New
Headers show

Comments

Prins Anton (ST-CO/ENG1.1) - Dec. 5, 2012, 2:19 p.m.
Hi Artem,

Sorry I'm in a learning curve... now used 'git format-patch'.
This made it working for 'git am'; so hopefully this time its fine!

Artem, thanks for your support!

Met vriendelijke groeten | Best Regards, 
Anton Prins

>From 1f7a524dfd9b0c4b315651ebdab87938430048a9 Mon Sep 17 00:00:00 2001
From: Anton Prins <anton.prins@nl.bosch.com>
Date: Tue, 27 Nov 2012 16:38:16 +0100
Subject: [PATCH] mtd: maps/physmap_of.c: error checking to prevent a NULL pointer dereference

This patch solves a NULL pointer dereference, this may occur if the tuple
is not mappable (jumps to continue in the for-loop). Out of the loop
possible results are:
- info->list_size == 0  if no of the tuples is mappable
- info->list_size == 1
- info->list_size > 1
If no one of the supplied tuples is mappable (info->list_size == 0) and
info->cmtd will not be set. But it is used in mtd_device_parse_register, OOPS!
actually it should generate an error in this case!
---
 drivers/mtd/maps/physmap_of.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

Patch

diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
index 2e6fb68..f6de444 100644
--- a/drivers/mtd/maps/physmap_of.c
+++ b/drivers/mtd/maps/physmap_of.c
@@ -268,6 +268,7 @@  static int __devinit of_flash_probe(struct platform_device *dev)
 	}
 
 	err = 0;
+	info->cmtd = NULL;
 	if (info->list_size == 1) {
 		info->cmtd = info->list[0].mtd;
 	} else if (info->list_size > 1) {
@@ -276,9 +277,10 @@  static int __devinit of_flash_probe(struct platform_device *dev)
 		 */
 		info->cmtd = mtd_concat_create(mtd_list, info->list_size,
 					       dev_name(&dev->dev));
-		if (info->cmtd == NULL)
-			err = -ENXIO;
 	}
+	if (info->cmtd == NULL)
+		err = -ENXIO;
+
 	if (err)
 		goto err_out;