| Message ID | 1652856180-100582-1-git-send-email-lyz_cs@pku.edu.cn (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | iio: vadc: Fix potential dereference of NULL pointer | expand |
On Tue, May 17, 2022 at 11:43:00PM -0700, Yongzhi Liu wrote: > The return value of vadc_get_channel() needs to be checked > to avoid use of NULL pointer, which is followed by > the caller 'vadc_do_conversion' of function 'vadc_configure'. > Fix this by adding the null pointer check on prop > in function 'vadc_configure'. > > Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn> > --- > drivers/iio/adc/qcom-spmi-vadc.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/iio/adc/qcom-spmi-vadc.c b/drivers/iio/adc/qcom-spmi-vadc.c > index 34202ba..d99bd72 100644 > --- a/drivers/iio/adc/qcom-spmi-vadc.c > +++ b/drivers/iio/adc/qcom-spmi-vadc.c > @@ -210,6 +210,9 @@ static int vadc_configure(struct vadc_priv *vadc, > u8 decimation, mode_ctrl; > int ret; > > + if (!prop) > + return -ENODEV; > + > /* Mode selection */ > mode_ctrl = (VADC_OP_MODE_NORMAL << VADC_OP_MODE_SHIFT) | > VADC_ADC_TRIM_EN | VADC_AMUX_TRIM_EN; Shouldn't the check be done in vadc_measure_ref_points() where 'prop' is obtained, rather than deep down in the call chain? For example vadc_do_conversion() would also dereference the NULL pointer unless one of the prior function calls fails.
diff --git a/drivers/iio/adc/qcom-spmi-vadc.c b/drivers/iio/adc/qcom-spmi-vadc.c index 34202ba..d99bd72 100644 --- a/drivers/iio/adc/qcom-spmi-vadc.c +++ b/drivers/iio/adc/qcom-spmi-vadc.c @@ -210,6 +210,9 @@ static int vadc_configure(struct vadc_priv *vadc, u8 decimation, mode_ctrl; int ret; + if (!prop) + return -ENODEV; + /* Mode selection */ mode_ctrl = (VADC_OP_MODE_NORMAL << VADC_OP_MODE_SHIFT) | VADC_ADC_TRIM_EN | VADC_AMUX_TRIM_EN;
The return value of vadc_get_channel() needs to be checked to avoid use of NULL pointer, which is followed by the caller 'vadc_do_conversion' of function 'vadc_configure'. Fix this by adding the null pointer check on prop in function 'vadc_configure'. Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn> --- drivers/iio/adc/qcom-spmi-vadc.c | 3 +++ 1 file changed, 3 insertions(+)