Re: [PATCH] MFD: prevent null pointer dereference in mfd_add_device

From: Florian Fainelli
Date: Sat May 15 2010 - 16:02:15 EST


Hi Samuel,

I just saw that your for-next branch contains the proper fix, this patch can be
discarded.

Le samedi 15 mai 2010 21:57:10, Florian Fainelli a Ãcrit :
> If a driver calls mfd_add_device with a NULL argument for the mem_base
> resource we will end up dereferencing it without checking for its validity
> here: res[r].start = mem_base->start cell->resources[r].start; (line 53 of
> mfd-core.c)
>
> This patch adds the checking on the mem_base argument and bails out
> accordingly if it is NULL.
>
> Signed-off-by: Florian Fainelli <florian@xxxxxxxxxxx>
> CC: stable@xxxxxxxxxx
> ---
> diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c
> index 8ffbb7a..f890b27 100644
> --- a/drivers/mfd/mfd-core.c
> +++ b/drivers/mfd/mfd-core.c
> @@ -49,6 +49,8 @@ static int mfd_add_device(struct device *parent, int id,
>
> /* Find out base to use */
> if (cell->resources[r].flags & IORESOURCE_MEM) {
> + if (!mem_base)
> + goto fail_res;
> res[r].parent = mem_base;
> res[r].start = mem_base->start +
> cell->resources[r].start;
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/