* [PATCH] MFD: prevent null pointer dereference in mfd_add_device
From: Florian Fainelli @ 2010-05-15 19:57 UTC
To: Samuel Ortiz, linux-kernel, Mark Brown
If a driver calls mfd_add_device with a NULL argument for the mem_base resource
we will end up dereferencing it without checking for its validity here:
res[r].start = mem_base->start + cell->resources[r].start; (line 53 of mfd-core.c)
This patch adds the checking on the mem_base argument and bails out accordingly
if it is NULL.
Signed-off-by: Florian Fainelli <florian@openwrt.org>
CC: stable@kernel.org
---
diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c
index 8ffbb7a..f890b27 100644
--- a/drivers/mfd/mfd-core.c
+++ b/drivers/mfd/mfd-core.c
@@ -49,6 +49,8 @@ static int mfd_add_device(struct device *parent, int id,
/* Find out base to use */
if (cell->resources[r].flags & IORESOURCE_MEM) {
+ if (!mem_base)
+ goto fail_res;
res[r].parent = mem_base;
res[r].start = mem_base->start +
cell->resources[r].start;
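Review bot: The new `goto fail_res` inside the `IORESOURCE_MEM` branch does not set a return value; nothing in this hunk assigns an error code before the jump, so the caller gets whatever the function's error variable happens to hold at that point. A NULL `mem_base` for a cell that declares memory resources is a caller mistake, so consider assigning an explicit code such as -EINVAL before the jump, which lets callers tell a bad argument apart from other failures that also end at `fail_res`.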
* Re: [PATCH] MFD: prevent null pointer dereference in mfd_add_device
From: Florian Fainelli @ 2010-05-15 20:01 UTC
To: Samuel Ortiz; +Cc: linux-kernel, Mark Brown
Hi Samuel,
I just saw that your for-next branch contains the proper fix; this patch can be
discarded.
On Saturday 15 May 2010 21:57:10, Florian Fainelli wrote:
> If a driver calls mfd_add_device with a NULL argument for the mem_base
> resource we will end up dereferencing it without checking for its validity
> here: res[r].start = mem_base->start + cell->resources[r].start; (line 53 of
> mfd-core.c)
>
> This patch adds the checking on the mem_base argument and bails out
> accordingly if it is NULL.
>
> Signed-off-by: Florian Fainelli <florian@openwrt.org>
> CC: stable@kernel.org
> ---
> diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c
> index 8ffbb7a..f890b27 100644
> --- a/drivers/mfd/mfd-core.c
> +++ b/drivers/mfd/mfd-core.c
> @@ -49,6 +49,8 @@ static int mfd_add_device(struct device *parent, int id,
>
> /* Find out base to use */
> if (cell->resources[r].flags & IORESOURCE_MEM) {
> + if (!mem_base)
> + goto fail_res;
> res[r].parent = mem_base;
> res[r].start = mem_base->start +
> cell->resources[r].start;
>
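Review bot: The added `if (!mem_base)` test fails silently, and the requirement it enforces is not documented in the lines shown. A driver author who hits this path only sees mfd_add_device return an error; a dev_err() on `parent` identifying the cell, plus a comment stating that `mem_base` may be NULL only when no cell resource carries IORESOURCE_MEM, would make the contract visible to callers.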