[PATCH] mtd: Fix kernel NULL pointer dereference in physmap.c
Atsushi Nemoto
anemo at mba.ocn.ne.jp
Tue Oct 20 11:29:41 EDT 2009
On Mon, 19 Oct 2009 13:31:46 -0400, "H Hartley Sweeten" <hartleys at visionengravers.com> wrote:
> During the probe for physmap platform flash devices there are a
> number of error exit conditions that all do a goto err_out which
> then calls physmap_flash_remove(). In that function one of the
> cleanup steps is:
>
> #ifdef CONFIG_MTD_CONCAT
> 	if (info->cmtd != info->mtd[0])
> 		mtd_concat_destroy(info->cmtd);
> #endif
>
> This test will succeed since info->cmtd == NULL and info->mtd[0] is
> valid.

Oh I had missed this case when fixing physmap_flash_remove last time.

> Fix this by exiting the remove function when info->cmtd == NULL.

No, the map_destroy loop at the end of the function should not be skipped
even when info->cmtd == NULL.

> Also, clean up the #ifdef CONFIG_MTD_PARTITIONS stuff by using
> mtd_has_partitions().

And this cleanup causes build errors when CONFIG_MTD_PARTITIONS was not
set. A separate patch might be better for such cleanup.

---
Atsushi Nemoto
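
A user-space model of the cleanup path discussed in this thread, added here as an illustration; it is not part of the original message and is not the kernel's code or the eventual patch. The struct layouts, MAX_CHIPS, null_derefs and the model_* helpers are assumptions standing in for the kernel's types, mtd_concat_destroy() and the map_destroy loop.

```c
#include <stddef.h>

#define MAX_CHIPS 2
/* Hypothetical user-space stand-ins for the kernel types and helpers. */
struct mtd_info { int destroyed; };
struct flash_info {
    struct mtd_info *mtd[MAX_CHIPS]; /* chips found by probing */
    struct mtd_info *cmtd;           /* still NULL if probe bailed out early */
};
int null_derefs; /* calls that would oops in the kernel */

/* Models mtd_concat_destroy(), which dereferences its argument. */
void model_concat_destroy(struct mtd_info *m)
{
    if (m == NULL) { null_derefs++; return; }
    m->destroyed = 1;
}

/* Models the map_destroy loop at the end of the remove function. */
void model_destroy_chips(struct flash_info *info)
{
    for (int i = 0; i < MAX_CHIPS; i++)
        if (info->mtd[i] != NULL)
            info->mtd[i]->destroyed = 1;
}

/* Cleanup as quoted: the test passes when cmtd == NULL and mtd[0] is valid. */
void remove_as_quoted(struct flash_info *info)
{
    if (info->cmtd != info->mtd[0])
        model_concat_destroy(info->cmtd);
    model_destroy_chips(info);
}

/* Guard only the cmtd-dependent step; the per-chip loop still runs. */
void remove_guarded(struct flash_info *info)
{
    if (info->cmtd != NULL && info->cmtd != info->mtd[0])
        model_concat_destroy(info->cmtd);
    model_destroy_chips(info);
}

/* Exiting when cmtd == NULL skips the loop and leaves the chip alive. */
void remove_early_return(struct flash_info *info)
{
    if (info->cmtd == NULL)
        return;
    remove_guarded(info);
}
```
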