From 1f7a524dfd9b0c4b315651ebdab87938430048a9 Mon Sep 17 00:00:00 2001 From: Anton Prins Date: Tue, 27 Nov 2012 16:38:16 +0100 Subject: [PATCH] mtd: maps/physmap_of.c: error checking to prevent a NULL pointer dereference This patch solves a NULL pointer dereference, this may occur if the tuple is not mappable (jumps to continue in the for-loop). Out of the loop possible results are: - info->list_size == 0 if no of the tuples is mappable - info->list_size == 1 - info->list_size > 1 If no one of the supplied tuples is mappable (info->list_size == 0) and info->cmtd will not be set. But it is used in mtd_device_parse_register, OOPS! actually it should generate an error in this case! --- drivers/mtd/maps/physmap_of.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c index 2e6fb68..f6de444 100644 --- a/drivers/mtd/maps/physmap_of.c +++ b/drivers/mtd/maps/physmap_of.c @@ -268,6 +268,7 @@ static int __devinit of_flash_probe(struct platform_device *dev) } err = 0; + info->cmtd = NULL; if (info->list_size == 1) { info->cmtd = info->list[0].mtd; } else if (info->list_size > 1) { @@ -276,9 +277,10 @@ static int __devinit of_flash_probe(struct platform_device *dev) */ info->cmtd = mtd_concat_create(mtd_list, info->list_size, dev_name(&dev->dev)); - if (info->cmtd == NULL) - err = -ENXIO; } + if (info->cmtd == NULL) + err = -ENXIO; + if (err) goto err_out; -- 1.7.0.4