[PATCH 1/2] mtdpart: Avoid divide-by-zero on out-of-reach path

Atsushi Nemoto anemo at mba.ocn.ne.jp
Thu Jun 19 03:09:38 EDT 2008 

On Wed, 18 Jun 2008 19:52:53 +0200, Jörn Engel <joern at logfs.org> wrote:
> I've had a quick go at it.  Three cleanup patches first, then the goto.
> Patches have been compile-tested, but not more.  Would these work?

Unfortunately, no.

> +		err = add_one_partition(master, parts + i, i, cur_offset);
> +		if (err)
> +			return err;
> +		slave = PART(parts[i].mtdp);
> +		cur_offset = slave->offset + slave->mtd.size;

This should be 'slave = PART(*parts[i].mtdp)', but anyway you cannot
dereference mtdp while it can be NULL.

Other parts of your patchset are very good for me.  Thanks.

This is my quick fix on top of your patchset.  Please fold this (or
your own fix) into first patch.

--- linux/drivers/mtd/mtdpart.c	2008-06-19 15:35:28.000000000 +0900
+++ linux/drivers/mtd/mtdpart.c	2008-06-19 15:36:43.000000000 +0900
@@ -324,7 +324,7 @@ int del_mtd_partitions(struct mtd_info *
 }
 EXPORT_SYMBOL(del_mtd_partitions);
 
-static int add_one_partition(struct mtd_info *master,
+static struct mtd_part *add_one_partition(struct mtd_info *master,
 		const struct mtd_partition *part, int partno,
 		u_int32_t cur_offset)
 {
@@ -336,7 +336,7 @@ static int add_one_partition(struct mtd_
 		printk(KERN_ERR"memory allocation error while creating partitions for \"%s\"\n",
 			master->name);
 		del_mtd_partitions(master);
-		return -ENOMEM;
+		return NULL;
 	}
 	list_add(&slave->list, &mtd_partitions);
 
@@ -495,7 +495,7 @@ out_register:
 		add_mtd_device(&slave->mtd);
 		slave->registered = 1;
 	}
-	return 0;
+	return slave;
 }
 
 /*
@@ -511,15 +511,14 @@ int add_mtd_partitions(struct mtd_info *
 {
 	struct mtd_part *slave;
 	u_int32_t cur_offset = 0;
-	int i, err;
+	int i;
 
 	printk(KERN_NOTICE "Creating %d MTD partitions on \"%s\":\n", nbparts, master->name);
 
 	for (i = 0; i < nbparts; i++) {
-		err = add_one_partition(master, parts + i, i, cur_offset);
-		if (err)
-			return err;
-		slave = PART(parts[i].mtdp);
+		slave = add_one_partition(master, parts + i, i, cur_offset);
+		if (!slave)
+			return -ENOMEM;
 		cur_offset = slave->offset + slave->mtd.size;
 	}
 

---
Atsushi Nemoto

More information about the linux-mtd mailing list