&mtd->partitions_entry is added to the parent's partition list only when
DEVFS_PARTITION_FIXED is not set, but later this check is not done when
removing it from the list again. This results in NULL pointer derefs
when an mtd partition is added with DEVFS_PARTITION_FIXED set and removed
later.

Do a INIT_LIST_HEAD() on &mtd->partitions_entry so we can safely call
list_del() on it later without additional checks. This means we can
remove the existing check as well.

Signed-off-by: Sascha Hauer <s.ha...@pengutronix.de>
---
 drivers/mtd/core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/mtd/core.c b/drivers/mtd/core.c
index ae6b0f9cd4..97a7996cf6 100644
--- a/drivers/mtd/core.c
+++ b/drivers/mtd/core.c
@@ -688,6 +688,7 @@ int add_mtd_device(struct mtd_info *mtd, const char 
*devname, int device_id)
                                             mtd->dev.id);
 
        INIT_LIST_HEAD(&mtd->partitions);
+       INIT_LIST_HEAD(&mtd->partitions_entry);
 
        mtd->cdev.priv = mtd;
        mtd->cdev.dev = &mtd->dev;
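Review bot: The added `INIT_LIST_HEAD(&mtd->partitions_entry);` is what makes the unconditional list_del() in del_mtd_device() safe, but nothing at this line records that dependency. A later cleanup could drop it as a redundant initialisation and bring back the NULL dereference. A short comment would pin it, e.g. `/* self-linked so del_mtd_device() can list_del() this even if it was never put on a parent's list */`. add_mtd_device() starts and ends outside the hunk, so it is not visible whether a failure path before this line can still lead to del_mtd_device() being called on an mtd whose entry was never initialised; that is worth checking.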
@@ -763,8 +764,7 @@ int del_mtd_device(struct mtd_info *mtd)
        unregister_device(&mtd->dev);
        free(mtd->param_size.value);
        free(mtd->cdev.name);
-       if (mtd->parent)
-               list_del(&mtd->partitions_entry);
+       list_del(&mtd->partitions_entry);
 
        return 0;
 }
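Review bot: The now-unconditional `list_del(&mtd->partitions_entry);` at the end of del_mtd_device() relies on the entry being a valid, self-linked node. In Linux-derived list implementations list_del() typically leaves the removed entry poisoned rather than self-linked, so if that holds here the invariant set up in add_mtd_device() is gone once this function returns. Using `list_del_init(&mtd->partitions_entry);` instead would leave the entry in the same state INIT_LIST_HEAD() produced, so a later list operation or `list_empty()` test on it stays well-defined. The start of del_mtd_device() is outside the hunk, so any guard against repeated removal is not visible from here.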
-- 
2.39.2

