Re: [PATCH] i2c: rcar: fix a possible NULL dereference

From: Wolfram Sang
Date: Thu Nov 12 2015 - 02:52:50 EST


On Thu, Nov 12, 2015 at 08:44:47AM +0100, Uwe Kleine-KÃnig wrote:
> Hello,
>
> On Thu, Nov 12, 2015 at 08:25:09AM +0100, LABBE Corentin wrote:
> > of_match_device could return NULL, and so cause a NULL pointer
> > dereference later.
> >
> > Reported-by: coverity (CID 1130036)
> > Signed-off-by: LABBE Corentin <clabbe.montjoie@xxxxxxxxx>
> > ---
> > drivers/i2c/busses/i2c-rcar.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
> > index b0ae560..d2bdbda 100644
> > --- a/drivers/i2c/busses/i2c-rcar.c
> > +++ b/drivers/i2c/busses/i2c-rcar.c
> > @@ -639,6 +639,7 @@ static int rcar_i2c_probe(struct platform_device *pdev)
> > struct device *dev = &pdev->dev;
> > u32 bus_speed;
> > int irq, ret;
> > + const struct of_device_id *of_id;
> >
> > priv = devm_kzalloc(dev, sizeof(struct rcar_i2c_priv), GFP_KERNEL);
> > if (!priv)
> > @@ -653,7 +654,10 @@ static int rcar_i2c_probe(struct platform_device *pdev)
> > bus_speed = 100000; /* default 100 kHz */
> > of_property_read_u32(dev->of_node, "clock-frequency", &bus_speed);
> >
> > - priv->devtype = (enum rcar_i2c_type)of_match_device(rcar_i2c_dt_ids, dev)->data;
> > + of_id = of_match_device(rcar_i2c_dt_ids, dev);
> > + if (!of_id)
> > + return -ENODEV;
> > + priv->devtype = (enum rcar_i2c_type)of_id->data;
>
> This is nearly an open coding of of_device_get_match_data. Maybe using
>
> priv->devtype = (enum rcar_i2c_type)of_device_get_match_data(dev)
>
> if good enough?
>
> Other than that, the NULL pointer dereference should only happen if the
> device was bound using the driver name. That might be worth to point out
> in the commit log. So maybe make (in a separate patch) the probe
> function fail when probed by name?

RCar is a DT only platform.

Attachment: signature.asc
Description: Digital signature