Re: [PATCH v2 1/1] pwm: sun4i: fix a possible NULL dereference

From: Maxime Ripard
Date: Mon Aug 22 2016 - 02:57:54 EST


Hi,

On Tue, Aug 16, 2016 at 03:18:06PM +0200, LABBE Corentin wrote:
> of_match_device could return NULL, and so cause a NULL pointer
> dereference later.
>
> For fixing this problem, we use of_device_get_match_data(), this will
> simplify the code a little by using a standard function for
> getting the match data.
>
> Reported-by: coverity (CID 1324139)
> Signed-off-by: LABBE Corentin <clabbe.montjoie@xxxxxxxxx>
> ---
> drivers/pwm/pwm-sun4i.c | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/drivers/pwm/pwm-sun4i.c b/drivers/pwm/pwm-sun4i.c
> index 03a99a5..72f0060 100644
> --- a/drivers/pwm/pwm-sun4i.c
> +++ b/drivers/pwm/pwm-sun4i.c
> @@ -309,9 +309,6 @@ static int sun4i_pwm_probe(struct platform_device *pdev)
> struct resource *res;
> u32 val;
> int i, ret;
> - const struct of_device_id *match;
> -
> - match = of_match_device(sun4i_pwm_dt_ids, &pdev->dev);
>
> pwm = devm_kzalloc(&pdev->dev, sizeof(*pwm), GFP_KERNEL);
> if (!pwm)
> @@ -326,7 +323,7 @@ static int sun4i_pwm_probe(struct platform_device *pdev)
> if (IS_ERR(pwm->clk))
> return PTR_ERR(pwm->clk);
>
> - pwm->data = match->data;
> + pwm->data = of_device_get_match_data(&pdev->dev);

How does that fix anything?

If of_match_data fails, it will return NULL, and the NULL pointer
dereference will occur in the exact same cases.

You should just check for match to be NULL, and return in this case.

Maxime

--
Maxime Ripard, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

Attachment: signature.asc
Description: PGP signature