From: Lars-Peter Clausen Date: Fri, 15 Jun 2012 16:08:59 +0000 (+0200) Subject: iio: buffer: Fix NULL pointer deref caused by empty scan mask X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=aff1eb4e3dd13ee419c6cd76baf1bcc2edeaaa86;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git iio: buffer: Fix NULL pointer deref caused by empty scan mask iio_scan_mask_match() returns NULL if the passed in scan mask is empty. This will happen if no channel has been selected and buffer is enabled. iio_sw_buffer_preenable() will assign NULL to indio_dev->active_scan_mask in this case. As a result iio_update_demux() will cause a NULL pointer deref, because it expects active_scan_mask to be non-NULL. Since it does not make much sense to start data capture if there is no data to capture this patch updates the code to fail gracefully in iio_scan_mask_match() instead of crashing the kernel. Signed-off-by: Lars-Peter Clausen Acked-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c index ac185b8694bd..2f35db93cdb6 100644 --- a/drivers/iio/industrialio-buffer.c +++ b/drivers/iio/industrialio-buffer.c @@ -553,6 +553,10 @@ int iio_sw_buffer_preenable(struct iio_dev *indio_dev) buffer->scan_mask); else indio_dev->active_scan_mask = buffer->scan_mask; + + if (indio_dev->active_scan_mask == NULL) + return -EINVAL; + iio_update_demux(indio_dev); if (indio_dev->info->update_scan_mode)