[PATCH] mmc: bcm2835: Fix possible NULL ptr dereference in bcm2835_request
Stefan Wahren
stefan.wahren at i2se.com
Sat Mar 25 06:17:00 PDT 2017
This fixes a NULL pointer dereference in case of a MMC request with a
set block count command and no data.
Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: Stefan Wahren <stefan.wahren at i2se.com>
---
drivers/mmc/host/bcm2835.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/bcm2835.c b/drivers/mmc/host/bcm2835.c
index 7d1b0db..1f343a4 100644
--- a/drivers/mmc/host/bcm2835.c
+++ b/drivers/mmc/host/bcm2835.c
@@ -1200,7 +1200,8 @@ static void bcm2835_request(struct mmc_host *mmc, struct mmc_request *mrq)
return;
}
- host->use_sbc = !!mrq->sbc && (host->mrq->data->flags & MMC_DATA_READ);
+ host->use_sbc = !!mrq->sbc && host->mrq->data &&
+ (host->mrq->data->flags & MMC_DATA_READ);
if (host->use_sbc) {
if (bcm2835_send_command(host, mrq->sbc)) {
if (!host->use_busy)
--
1.7.9.5
More information about the linux-rpi-kernel
mailing list