[PATCH] mmc: bcm2835: Fix possible NULL ptr dereference in bcm2835_request
Jaehoon Chung
jh80.chung at samsung.com
Mon Mar 27 01:03:50 PDT 2017
On 03/25/2017 10:17 PM, Stefan Wahren wrote:
> This fixes a NULL pointer dereference in case of a MMC request with a
> set block count command and no data.
>
> Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
> Signed-off-by: Stefan Wahren <stefan.wahren at i2se.com>
Reviewed-by: Jaehoon Chung <jh80.chung at samsung.com>
> ---
> drivers/mmc/host/bcm2835.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/mmc/host/bcm2835.c b/drivers/mmc/host/bcm2835.c
> index 7d1b0db..1f343a4 100644
> --- a/drivers/mmc/host/bcm2835.c
> +++ b/drivers/mmc/host/bcm2835.c
> @@ -1200,7 +1200,8 @@ static void bcm2835_request(struct mmc_host *mmc, struct mmc_request *mrq)
> return;
> }
>
> - host->use_sbc = !!mrq->sbc && (host->mrq->data->flags & MMC_DATA_READ);
> + host->use_sbc = !!mrq->sbc && host->mrq->data &&
> + (host->mrq->data->flags & MMC_DATA_READ);
> if (host->use_sbc) {
> if (bcm2835_send_command(host, mrq->sbc)) {
> if (!host->use_busy)
>
More information about the linux-rpi-kernel
mailing list