[PATCH 3/3] media/drx39xyj: fix boot failure due to null pointer dereference
From: Shuah Khan
Date: Fri Feb 28 2014 - 16:23:31 EST
DJH_DEBUG only code path in drxbsp_i2c_write_read() dereferences
w_dev_addr and subsequently w_dev_addr->user_data->i2c which results
in failure during boot. This patch fixes the null pointer derefence
bug as well as the following compile errors:
LD arch/x86/built-in.o
CC drivers/media/dvb-frontends/drx39xyj/drxj.o
drivers/media/dvb-frontends/drx39xyj/drxj.c: In function âdrxbsp_i2c_write_readâ:
drivers/media/dvb-frontends/drx39xyj/drxj.c:1558:25: error: redeclaration of âstateâ with no linkage
struct drx39xxj_state *state = w_dev_addr->user_data;
^
drivers/media/dvb-frontends/drx39xyj/drxj.c:1512:25: note: previous declaration of âstateâ was here
struct drx39xxj_state *state;
^
drivers/media/dvb-frontends/drx39xyj/drxj.c:1558:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
struct drx39xxj_state *state = w_dev_addr->user_data;
^
drivers/media/dvb-frontends/drx39xyj/drxj.c:1560:17: error: redeclaration of âmsgâ with no linkage
struct i2c_msg msg[2] = {
^
drivers/media/dvb-frontends/drx39xyj/drxj.c:1513:17: note: previous declaration of âmsgâ was here
struct i2c_msg msg[2];
^
Signed-off-by: Shuah Khan <shuah.kh@xxxxxxxxxxx>
---
drivers/media/dvb-frontends/drx39xyj/drxj.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/drivers/media/dvb-frontends/drx39xyj/drxj.c b/drivers/media/dvb-frontends/drx39xyj/drxj.c
index 72c541a..585d891 100644
--- a/drivers/media/dvb-frontends/drx39xyj/drxj.c
+++ b/drivers/media/dvb-frontends/drx39xyj/drxj.c
@@ -1551,14 +1551,23 @@ int drxbsp_i2c_write_read(struct i2c_device_addr *w_dev_addr,
}
#ifdef DJH_DEBUG
- struct drx39xxj_state *state = w_dev_addr->user_data;
+ if (w_dev_addr == NULL || r_dev_addr == NULL)
+ return 0;
- struct i2c_msg msg[2] = {
- {.addr = w_dev_addr->i2c_addr,
- .flags = 0, .buf = wData, .len = w_count},
- {.addr = r_dev_addr->i2c_addr,
- .flags = I2C_M_RD, .buf = r_data, .len = r_count},
- };
+ state = w_dev_addr->user_data;
+
+ if (state->i2c == NULL)
+ return 0;
+
+ msg[0].addr = w_dev_addr->i2c_addr;
+ msg[0].flags = 0;
+ msg[0].buf = wData;
+ msg[0].len = w_count;
+ msg[1].addr = r_dev_addr->i2c_addr;
+ msg[1].flags = I2C_M_RD;
+ msg[1].buf = r_data;
+ msg[1].len = r_count;
+ num_msgs = 2;
pr_debug("drx3933 i2c operation addr=%x i2c=%p, wc=%x rc=%x\n",
w_dev_addr->i2c_addr, state->i2c, w_count, r_count);
--
1.8.3.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/