From patchwork Fri Feb 28 21:23:02 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Shuah Khan X-Patchwork-Id: 3744561 Return-Path: X-Original-To: patchwork-linux-media@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id CEAA59F2F7 for ; Fri, 28 Feb 2014 21:23:43 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 1549D202A7 for ; Fri, 28 Feb 2014 21:23:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 323FE2028D for ; Fri, 28 Feb 2014 21:23:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752917AbaB1VXj (ORCPT ); Fri, 28 Feb 2014 16:23:39 -0500 Received: from qmta15.emeryville.ca.mail.comcast.net ([76.96.27.228]:59441 "EHLO qmta15.emeryville.ca.mail.comcast.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752721AbaB1VXJ (ORCPT ); Fri, 28 Feb 2014 16:23:09 -0500 Received: from omta08.emeryville.ca.mail.comcast.net ([76.96.30.12]) by qmta15.emeryville.ca.mail.comcast.net with comcast id XtAl1n0030FhH24AFxNvMR; Fri, 28 Feb 2014 21:22:55 +0000 Received: from mail.gonehiking.org ([50.134.149.16]) by omta08.emeryville.ca.mail.comcast.net with comcast id XxP71n00E0MU7Qa8UxP7lw; Fri, 28 Feb 2014 21:23:08 +0000 Received: from lorien.sisa.samsung.com (lorien-wl.internal [192.168.1.40]) by mail.gonehiking.org (Postfix) with ESMTP id 3201A46F35; Fri, 28 Feb 2014 14:23:07 -0700 (MST) From: Shuah Khan To: m.chehab@samsung.com Cc: Shuah Khan , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, shuahkhan@gmail.com Subject: [PATCH 3/3] media/drx39xyj: fix boot failure due to null pointer dereference Date: Fri, 28 Feb 2014 14:23:02 -0700 Message-Id: X-Mailer: git-send-email 1.8.3.2 In-Reply-To: References: In-Reply-To: References: MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1393622575; bh=pgh4Ui4ECUpJkpfHS0O88ygAkqMF5/ThAU6i2+T1aRY=; h=Received:Received:Received:From:To:Subject:Date:Message-Id: MIME-Version:Content-Type; b=dkF8emDAcGo25Y6Mc8Bb1zqdg18FLcHfi5RVpgsKUObwl6EfAITto6xpLVOjG6OvO zzZCx6pc4SE2lqKvUQvh9aL5ZfG3ErEGaMC409dgWUSn6pidy5yh0Jw9bZDW5tlTOw 0Gd3U/xbNqxyKynuCKfaFjyEMEhFFDHZnJvdGQ83ZscHe8JeVnpsy/Gdk0dVeV5NyP TdI2dd2Zf6jfXyaapMBYVLSpHTPxnLKKWnJhC+gbILBJqGs+6v1ewtdphzlWX8Kn4G 7sMxHuJ4CIwRM0gCzuEE4zcyDQQdca6lG2wnQ6IHCUiBYB84leIjZ56sbvhxKMIjnn oIj4oZWjS8XMw== Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP DJH_DEBUG only code path in drxbsp_i2c_write_read() dereferences w_dev_addr and subsequently w_dev_addr->user_data->i2c which results in failure during boot. This patch fixes the null pointer derefence bug as well as the following compile errors: LD arch/x86/built-in.o CC drivers/media/dvb-frontends/drx39xyj/drxj.o drivers/media/dvb-frontends/drx39xyj/drxj.c: In function ‘drxbsp_i2c_write_read’: drivers/media/dvb-frontends/drx39xyj/drxj.c:1558:25: error: redeclaration of ‘state’ with no linkage struct drx39xxj_state *state = w_dev_addr->user_data; ^ drivers/media/dvb-frontends/drx39xyj/drxj.c:1512:25: note: previous declaration of ‘state’ was here struct drx39xxj_state *state; ^ drivers/media/dvb-frontends/drx39xyj/drxj.c:1558:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] struct drx39xxj_state *state = w_dev_addr->user_data; ^ drivers/media/dvb-frontends/drx39xyj/drxj.c:1560:17: error: redeclaration of ‘msg’ with no linkage struct i2c_msg msg[2] = { ^ drivers/media/dvb-frontends/drx39xyj/drxj.c:1513:17: note: previous declaration of ‘msg’ was here struct i2c_msg msg[2]; ^ Signed-off-by: Shuah Khan --- drivers/media/dvb-frontends/drx39xyj/drxj.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/drivers/media/dvb-frontends/drx39xyj/drxj.c b/drivers/media/dvb-frontends/drx39xyj/drxj.c index 72c541a..585d891 100644 --- a/drivers/media/dvb-frontends/drx39xyj/drxj.c +++ b/drivers/media/dvb-frontends/drx39xyj/drxj.c @@ -1551,14 +1551,23 @@ int drxbsp_i2c_write_read(struct i2c_device_addr *w_dev_addr, } #ifdef DJH_DEBUG - struct drx39xxj_state *state = w_dev_addr->user_data; + if (w_dev_addr == NULL || r_dev_addr == NULL) + return 0; - struct i2c_msg msg[2] = { - {.addr = w_dev_addr->i2c_addr, - .flags = 0, .buf = wData, .len = w_count}, - {.addr = r_dev_addr->i2c_addr, - .flags = I2C_M_RD, .buf = r_data, .len = r_count}, - }; + state = w_dev_addr->user_data; + + if (state->i2c == NULL) + return 0; + + msg[0].addr = w_dev_addr->i2c_addr; + msg[0].flags = 0; + msg[0].buf = wData; + msg[0].len = w_count; + msg[1].addr = r_dev_addr->i2c_addr; + msg[1].flags = I2C_M_RD; + msg[1].buf = r_data; + msg[1].len = r_count; + num_msgs = 2; pr_debug("drx3933 i2c operation addr=%x i2c=%p, wc=%x rc=%x\n", w_dev_addr->i2c_addr, state->i2c, w_count, r_count);