From e58a66d84bceba314b03e37ec0764b9b1b9227d0 Mon Sep 17 00:00:00 2001 From: Anton Prins Date: Tue, 27 Nov 2012 16:38:16 +0100 Subject: [PATCH] mtd: physmap_of: error checking to prevent a NULL pointer dereference This patch solves a NULL pointer dereference, this may occur if the tuple is not mappable (jumps to continue in the for-loop). Out of the loop possible results are: - info->list_size == 0 if no of the tuples is mappable - info->list_size == 1 - info->list_size > 1 If no one of the supplied tuples is mappable (info->list_size == 0) and info->cmtd will not be set. But it is used in mtd_device_parse_register, OOPS! actually it should generate an error in this case! Signed-off-by: Anton Prins Signed-off-by: Artem Bityutskiy --- drivers/mtd/maps/physmap_of.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c index cde8bf94338e..37cdc201652f 100644 --- a/drivers/mtd/maps/physmap_of.c +++ b/drivers/mtd/maps/physmap_of.c @@ -285,6 +285,7 @@ static int of_flash_probe(struct platform_device *dev) } err = 0; + info->cmtd = NULL; if (info->list_size == 1) { info->cmtd = info->list[0].mtd; } else if (info->list_size > 1) { @@ -293,9 +294,10 @@ static int of_flash_probe(struct platform_device *dev) */ info->cmtd = mtd_concat_create(mtd_list, info->list_size, dev_name(&dev->dev)); - if (info->cmtd == NULL) - err = -ENXIO; } + if (info->cmtd == NULL) + err = -ENXIO; + if (err) goto err_out; -- 2.20.1