From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Lee Jones" , "Krzysztof Kozlowski" Date: Mon, 28 Apr 2014 02:11:22 +0100 Message-ID: Subject: [PATCH 3.2 54/94] mfd: max8925: Fix possible NULL pointer dereference on i2c_new_dummy error In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-ID: 3.2.58-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Krzysztof Kozlowski commit 96cf3dedc491d2f1f66cc26217f2b06b0c7b6797 upstream. During probe the driver allocates dummy I2C devices for RTC and ADC with i2c_new_dummy() but it does not check the return value of this calls. In case of error (i2c_new_device(): memory allocation failure or I2C address cannot be used) this function returns NULL which is later used by i2c_unregister_device(). If i2c_new_dummy() fails for RTC or ADC devices, fail also the probe for main MFD driver. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Lee Jones Signed-off-by: Ben Hutchings --- drivers/mfd/max8925-i2c.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/mfd/max8925-i2c.c +++ b/drivers/mfd/max8925-i2c.c @@ -156,9 +156,18 @@ static int __devinit max8925_probe(struc mutex_init(&chip->io_lock); chip->rtc = i2c_new_dummy(chip->i2c->adapter, RTC_I2C_ADDR); + if (!chip->rtc) { + dev_err(chip->dev, "Failed to allocate I2C device for RTC\n"); + return -ENODEV; + } i2c_set_clientdata(chip->rtc, chip); chip->adc = i2c_new_dummy(chip->i2c->adapter, ADC_I2C_ADDR); + if (!chip->adc) { + dev_err(chip->dev, "Failed to allocate I2C device for ADC\n"); + i2c_unregister_device(chip->rtc); + return -ENODEV; + } i2c_set_clientdata(chip->adc, chip); max8925_device_init(chip, pdata);