[PATCH] mmc: bcm2835: Fix possible NULL ptr dereference in bcm2835_request
Ulf Hansson
ulf.hansson at linaro.org
Mon Mar 27 01:22:38 PDT 2017
On 25 March 2017 at 14:17, Stefan Wahren <stefan.wahren at i2se.com> wrote:
> This fixes a NULL pointer dereference in case of a MMC request with a
> set block count command and no data.
>
> Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
> Signed-off-by: Stefan Wahren <stefan.wahren at i2se.com>
Thanks, applied for next!
Kind regards
Uffe
> ---
> drivers/mmc/host/bcm2835.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/mmc/host/bcm2835.c b/drivers/mmc/host/bcm2835.c
> index 7d1b0db..1f343a4 100644
> --- a/drivers/mmc/host/bcm2835.c
> +++ b/drivers/mmc/host/bcm2835.c
> @@ -1200,7 +1200,8 @@ static void bcm2835_request(struct mmc_host *mmc, struct mmc_request *mrq)
> return;
> }
>
> - host->use_sbc = !!mrq->sbc && (host->mrq->data->flags & MMC_DATA_READ);
> + host->use_sbc = !!mrq->sbc && host->mrq->data &&
> + (host->mrq->data->flags & MMC_DATA_READ);
> if (host->use_sbc) {
> if (bcm2835_send_command(host, mrq->sbc)) {
> if (!host->use_busy)
> --
> 1.7.9.5
>
More information about the linux-rpi-kernel
mailing list