From: Serge Semin <fancer.lancer@gmail.com>
To: richard.leitner@skidata.com, gregkh@linuxfoundation.org,
robh+dt@kernel.org, mark.rutland@arm.com
Cc: Sergey.Semin@t-platforms.ru, linux-usb@vger.kernel.org,
devicetree@vger.kernel.org, linux-kernel@vger.kernel.org,
Serge Semin <fancer.lancer@gmail.com>
Subject: [PATCH 7/9 v2] usb: usb251xb: Fix property_u32 NULL pointer dereference
Date: Sat, 16 Sep 2017 13:42:18 +0300 [thread overview]
Message-ID: <20170916104220.3742-8-fancer.lancer@gmail.com> (raw)
In-Reply-To: <20170916104220.3742-1-fancer.lancer@gmail.com>
The methods like of_property_read_u32 utilizing the specified
pointer permit only the pointer to a preallocated u32 storage as the
third argument. As a result the driver crashes on NULL pointer
dereference in case if "oc-delay-us" or "power-on-time-ms" declared
in dts file.
Signed-off-by: Serge Semin <fancer.lancer@gmail.com>
---
drivers/usb/misc/usb251xb.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/misc/usb251xb.c b/drivers/usb/misc/usb251xb.c
index 51cc53ddc..c308b0006 100644
--- a/drivers/usb/misc/usb251xb.c
+++ b/drivers/usb/misc/usb251xb.c
@@ -348,7 +348,7 @@ static int usb251xb_get_ofdata(struct usb251xb *hub,
struct device *dev = hub->dev;
struct device_node *np = dev->of_node;
int len, err, i;
- u32 *property_u32 = NULL;
+ u32 property_u32 = 0;
const u32 *cproperty_u32;
const char *cproperty_char;
char str[USB251XB_STRING_BUFSIZE / 2];
@@ -425,16 +425,16 @@ static int usb251xb_get_ofdata(struct usb251xb *hub,
if (of_get_property(np, "dynamic-power-switching", NULL))
hub->conf_data2 |= BIT(7);
- if (!of_property_read_u32(np, "oc-delay-us", property_u32)) {
- if (*property_u32 == 100) {
+ if (!of_property_read_u32(np, "oc-delay-us", &property_u32)) {
+ if (property_u32 == 100) {
/* 100 us*/
hub->conf_data2 &= ~BIT(5);
hub->conf_data2 &= ~BIT(4);
- } else if (*property_u32 == 4000) {
+ } else if (property_u32 == 4000) {
/* 4 ms */
hub->conf_data2 &= ~BIT(5);
hub->conf_data2 |= BIT(4);
- } else if (*property_u32 == 16000) {
+ } else if (property_u32 == 16000) {
/* 16 ms */
hub->conf_data2 |= BIT(5);
hub->conf_data2 |= BIT(4);
@@ -498,8 +498,8 @@ static int usb251xb_get_ofdata(struct usb251xb *hub,
}
hub->power_on_time = USB251XB_DEF_POWER_ON_TIME;
- if (!of_property_read_u32(np, "power-on-time-ms", property_u32))
- hub->power_on_time = min_t(u8, *property_u32 / 2, 255);
+ if (!of_property_read_u32(np, "power-on-time-ms", &property_u32))
+ hub->power_on_time = min_t(u8, property_u32 / 2, 255);
if (of_property_read_u16_array(np, "language-id", &hub->lang_id, 1))
hub->lang_id = USB251XB_DEF_LANGUAGE_ID;
--
2.12.0
next prev parent reply other threads:[~2017-09-16 10:42 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-15 23:31 [PATCH 0/5] usb: usb251xb: Add USB2517i hub support and fix some bugs Serge Semin
2017-09-15 23:31 ` [PATCH 1/5] usb: usb251xb: Add USB2517/i hub support Serge Semin
2017-09-15 23:45 ` Greg KH
[not found] ` <20170915234514.GA8407-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2017-09-15 23:55 ` Serge Semin
2017-09-20 20:52 ` Rob Herring
2017-09-20 21:15 ` Serge Semin
2017-09-21 16:53 ` Rob Herring
[not found] ` <CAL_Jsq+8RqmOzwrH7U=F7Fh9aUHALK-SpJQWfdOR-0J8Pna23g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-09-21 17:40 ` Serge Semin
2017-09-15 23:31 ` [PATCH 2/5] usb: usb251xb: Fix property_u32 NULL pointer dereference Serge Semin
2017-09-15 23:31 ` [PATCH 3/5] usb: usb251xb: Add max power/current dts nodes Serge Semin
2017-09-15 23:31 ` [PATCH 4/5] usb: usb251xb: Use GPIO descriptor consumer interface Serge Semin
2017-09-15 23:31 ` [PATCH 5/5] usb: usb251xb: Add copyrights Serge Semin
[not found] ` <20170915233113.17855-6-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-09-15 23:40 ` Greg KH
[not found] ` <20170915234028.GA7681-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2017-09-15 23:42 ` Greg KH
2017-09-15 23:45 ` Serge Semin
2017-09-15 23:53 ` Greg KH
2017-09-16 0:11 ` Serge Semin
[not found] ` <20170915233113.17855-1-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-09-16 10:42 ` [PATCH 0/9 v2] usb: usb251xb: Add USB2517i hub support and fix some bugs Serge Semin
2017-09-16 10:42 ` [PATCH 1/9 v2] usb: usb251xb: Add USB2517i specific struct and IDs Serge Semin
[not found] ` <20170916104220.3742-2-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-04 7:39 ` Richard Leitner
2017-09-16 10:42 ` [PATCH 2/9 v2] usb: usb251xb: Add USB251x specific port count setting Serge Semin
[not found] ` <20170916104220.3742-3-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-04 7:27 ` Richard Leitner
2017-09-16 10:42 ` [PATCH 3/9 v2] usb: usb251xb: Add 5,6,7 ports mapping def setting Serge Semin
2017-10-04 7:51 ` Richard Leitner
[not found] ` <20170916104220.3742-1-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-09-16 10:42 ` [PATCH 4/9 v2] usb: usb251xb: Add 5,6,7 ports boost settings Serge Semin
[not found] ` <20170916104220.3742-5-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-04 7:57 ` Richard Leitner
2017-09-16 10:42 ` [PATCH 8/9 v2] usb: usb251xb: Add max power/current dts property support Serge Semin
2017-09-20 20:52 ` Rob Herring
2017-09-20 21:27 ` Serge Semin
2017-09-21 16:26 ` Rob Herring
[not found] ` <CAL_Jsq+ftbGSQOOor_1L9NO9h7rjYm9nB26PxNOPgyHU6k3j_A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-09-21 17:10 ` Serge Semin
2017-10-04 8:12 ` Richard Leitner
[not found] ` <53559bc4-5faa-6797-7c12-f635049f1411-WcANXNA0UjBBDgjK7y7TUQ@public.gmane.org>
2017-10-04 13:44 ` Rob Herring
2017-10-22 20:38 ` [PATCH 00/10 v3] usb: usb251xb: Add USB2517i hub support and fix some bugs Serge Semin
2017-10-22 20:38 ` [PATCH 01/10 v3] usb: usb251xb: Update usb251xb bindings Serge Semin
[not found] ` <20171022203812.9379-2-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-27 3:21 ` Rob Herring
2017-10-22 20:38 ` [PATCH 02/10 v3] usb: usb251xb: Add USB2517i specific struct and IDs Serge Semin
[not found] ` <20171022203812.9379-3-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-23 21:47 ` Richard Leitner
2017-10-22 20:38 ` [PATCH 04/10 v3] usb: usb251xb: Add 5,6,7 ports mapping def setting Serge Semin
2017-10-22 20:38 ` [PATCH 05/10 v3] usb: usb251xb: Add 5,6,7 ports boost settings Serge Semin
2017-10-22 20:38 ` [PATCH 06/10 v3] usb: usb251xb: Add battery enable setting flag Serge Semin
2017-10-22 20:38 ` [PATCH 07/10 v3] usb: usb251xb: Add USB2517 LED settings Serge Semin
2017-10-22 20:38 ` [PATCH 08/10 v3] usb: usb251xb: Fix property_u32 NULL pointer dereference Serge Semin
2017-10-22 20:38 ` [PATCH 09/10 v3] usb: usb251xb: Add max power/current dts property support Serge Semin
[not found] ` <20171022203812.9379-10-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-23 21:55 ` Richard Leitner
[not found] ` <20171022203812.9379-1-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-22 20:38 ` [PATCH 03/10 v3] usb: usb251xb: Add USB251x specific port count setting Serge Semin
[not found] ` <20171022203812.9379-4-fancer.lancer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-10-23 21:36 ` Richard Leitner
2017-10-22 20:38 ` [PATCH 10/10 v3] usb: usb251xb: Use GPIO descriptor consumer interface Serge Semin
2017-09-16 10:42 ` [PATCH 5/9 v2] usb: usb251xb: Add battery enable setting flag Serge Semin
2017-09-16 10:42 ` [PATCH 6/9 v2] usb: usb251xb: Add USB2517 LED settings Serge Semin
2017-09-16 10:42 ` Serge Semin [this message]
2017-09-16 10:42 ` [PATCH 9/9 v2] usb: usb251xb: Use GPIO descriptor consumer interface Serge Semin
2017-09-20 20:52 ` Rob Herring
2017-09-20 21:29 ` Serge Semin
2017-09-21 8:23 ` Greg KH
[not found] ` <20170921082338.GA30669-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2017-09-21 14:51 ` Serge Semin
2017-09-21 15:07 ` Greg KH
[not found] ` <20170921150714.GA7791-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2017-09-22 15:26 ` Serge Semin
2017-09-22 16:05 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170916104220.3742-8-fancer.lancer@gmail.com \
--to=fancer.lancer@gmail.com \
--cc=Sergey.Semin@t-platforms.ru \
--cc=devicetree@vger.kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=richard.leitner@skidata.com \
--cc=robh+dt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).