Re: [PATCH] iio: max9611: fix a NULL pointer dereference
On Sat, 9 Mar 2019 16:19:17 +0100
Tomasz Duszynski wrote:
> On Fri, Mar 08, 2019 at 10:51:40PM -0600, Kangjie Lu wrote:
> > of_match_device may return NULL when it fails, and in this case,
> > there will be a NULL pointer dereference. The fix returns
> > EINVAL when of_match_device returns NULL.
> >
> > Signed-off-by: Kangjie Lu
> > ---
> > drivers/iio/adc/max9611.c | 7 +--
> > 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/iio/adc/max9611.c b/drivers/iio/adc/max9611.c
> > index 917223d5ff5b..531b6614ea29 100644
> > --- a/drivers/iio/adc/max9611.c
> > +++ b/drivers/iio/adc/max9611.c
> > @@ -524,13 +524,16 @@ static int max9611_probe(struct i2c_client *client,
> > {
> > const char * const shunt_res_prop = "shunt-resistor-micro-ohms";
> > const struct device_node *of_node = client->dev.of_node;
> > - const struct of_device_id *of_id =
> > - of_match_device(max9611_of_table, >dev);
>
> Given we got to this point how this can go wrong?
If this is to squash a warning then there may be some argument
even though it can't actually fail. If there is such a warning
please put it in the patch description.
Thanks,
Jonathan
>
> > + const struct of_device_id *of_id;
> > struct max9611_dev *max9611;
> > struct iio_dev *indio_dev;
> > unsigned int of_shunt;
> > int ret;
> >
> > + of_id = of_match_device(max9611_of_table, >dev);
> > + if (!of_id)
> > + return -EINVAL;
> > +
> > indio_dev = devm_iio_device_alloc(>dev, sizeof(*max9611));
> > if (!indio_dev)
> > return -ENOMEM;
> > --
> > 2.17.1
> >
Re: [PATCH] iio: max9611: fix a NULL pointer dereference
On Fri, Mar 08, 2019 at 10:51:40PM -0600, Kangjie Lu wrote:
> of_match_device may return NULL when it fails, and in this case,
> there will be a NULL pointer dereference. The fix returns
> EINVAL when of_match_device returns NULL.
>
> Signed-off-by: Kangjie Lu
> ---
> drivers/iio/adc/max9611.c | 7 +--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/iio/adc/max9611.c b/drivers/iio/adc/max9611.c
> index 917223d5ff5b..531b6614ea29 100644
> --- a/drivers/iio/adc/max9611.c
> +++ b/drivers/iio/adc/max9611.c
> @@ -524,13 +524,16 @@ static int max9611_probe(struct i2c_client *client,
> {
> const char * const shunt_res_prop = "shunt-resistor-micro-ohms";
> const struct device_node *of_node = client->dev.of_node;
> - const struct of_device_id *of_id =
> - of_match_device(max9611_of_table, >dev);
Given we got to this point how this can go wrong?
> + const struct of_device_id *of_id;
> struct max9611_dev *max9611;
> struct iio_dev *indio_dev;
> unsigned int of_shunt;
> int ret;
>
> + of_id = of_match_device(max9611_of_table, >dev);
> + if (!of_id)
> + return -EINVAL;
> +
> indio_dev = devm_iio_device_alloc(>dev, sizeof(*max9611));
> if (!indio_dev)
> return -ENOMEM;
> --
> 2.17.1
>
[PATCH] iio: max9611: fix a NULL pointer dereference
of_match_device may return NULL when it fails, and in this case,
there will be a NULL pointer dereference. The fix returns
EINVAL when of_match_device returns NULL.
Signed-off-by: Kangjie Lu
---
drivers/iio/adc/max9611.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/adc/max9611.c b/drivers/iio/adc/max9611.c
index 917223d5ff5b..531b6614ea29 100644
--- a/drivers/iio/adc/max9611.c
+++ b/drivers/iio/adc/max9611.c
@@ -524,13 +524,16 @@ static int max9611_probe(struct i2c_client *client,
{
const char * const shunt_res_prop = "shunt-resistor-micro-ohms";
const struct device_node *of_node = client->dev.of_node;
- const struct of_device_id *of_id =
- of_match_device(max9611_of_table, >dev);
+ const struct of_device_id *of_id;
struct max9611_dev *max9611;
struct iio_dev *indio_dev;
unsigned int of_shunt;
int ret;
+ of_id = of_match_device(max9611_of_table, >dev);
+ if (!of_id)
+ return -EINVAL;
+
indio_dev = devm_iio_device_alloc(>dev, sizeof(*max9611));
if (!indio_dev)
return -ENOMEM;
--
2.17.1
