RE: [PATCH v4] iio: frequency: admv1013: fix NULL pointer dereference on str

From: Miclaus, Antoniu

Date: Thu Mar 05 2026 - 04:47:48 EST


> -----Original Message-----
> From: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
> Sent: Thursday, March 5, 2026 11:36 AM
> To: Miclaus, Antoniu <Antoniu.Miclaus@xxxxxxxxxx>
> Cc: Lars-Peter Clausen <lars@xxxxxxxxxx>; Hennerich, Michael
> <Michael.Hennerich@xxxxxxxxxx>; Jonathan Cameron <jic23@xxxxxxxxxx>;
> David Lechner <dlechner@xxxxxxxxxxxx>; Sa, Nuno <Nuno.Sa@xxxxxxxxxx>;
> Andy Shevchenko <andy@xxxxxxxxxx>; linux-iio@xxxxxxxxxxxxxxx; linux-
> kernel@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH v4] iio: frequency: admv1013: fix NULL pointer
> dereference on str
>
> On Thu, Mar 5, 2026 at 11:15 AM Antoniu Miclaus
> <antoniu.miclaus@xxxxxxxxxx> wrote:
> >
> > When device_property_read_string() fails, str is left uninitialized
> > but the code falls through to strcmp(str, ...), dereferencing a garbage
> > pointer. Replace manual read/strcmp with
> > device_property_match_property_string() and consolidate the SE mode
> > enums into a single sequential enum, mapping to hardware register
> > values via a switch consistent with other bitfields in the driver.
>
> ...
>
> > static int admv1013_init(struct admv1013_state *st, int vcm_uv)
>
> > - data = FIELD_PREP(ADMV1013_QUAD_SE_MODE_MSK, st-
> >quad_se_mode);
> > + switch (st->quad_se_mode) {
> > + case ADMV1013_SE_MODE_POS:
> > + data = 6;
> > + break;
> > + case ADMV1013_SE_MODE_NEG:
> > + data = 9;
> > + break;
> > + case ADMV1013_SE_MODE_DIFF:
> > + data = 12;
> > + break;
> > + default:
> > + return -EINVAL;
> > + }
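
Review bot: The case arms assign the bare literals 6, 9 and 12 to data, while the removed line passed the value through FIELD_PREP(ADMV1013_QUAD_SE_MODE_MSK, ...), and nothing in the visible lines shows the mask being applied after the switch. Please confirm data is still shifted into the field before the register write. The three encodings would also be easier to check against the datasheet as named constants, or with a one-line comment saying which register field value each mode maps to.
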
>
> Oh, I haven't realised that it can be done like this. I have in mind
> just to have a switch in the probe, so we don't need to do that again
> and again. Otherwise looks good to me.
>

Hmm, the _init() function is called only in the probe.
I think it makes a bit more sense to be here where we handle all the initial register configurations.

Regards,
> --
> With Best Regards,
> Andy Shevchenko
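
The failure mode described in the commit message and the helper-based fix, as an added user-space C example that is not the driver's code. `read_string`, `match_string_prop`, the property name and the mode strings are constructed stand-ins; only the register values 6, 9 and 12 come from the patch.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for the firmware-property API; not kernel code. */
struct prop { const char *name; const char *val; };
static const struct prop props[] = { { "example,se-mode", "se-neg" } };

/* Like the read in the commit message: on failure *out is NOT written. */
static int read_string(const char *name, const char **out)
{
	for (size_t i = 0; i < sizeof(props) / sizeof(props[0]); i++)
		if (!strcmp(props[i].name, name)) {
			*out = props[i].val;
			return 0;
		}
	return -EINVAL;
}

/* Match helper: returns the index into tbl, or a negative errno. */
static int match_string_prop(const char *name, const char *const *tbl, size_t n)
{
	const char *s;
	int ret = read_string(name, &s);

	if (ret)
		return ret;	/* s is never looked at on the failure path */
	for (size_t i = 0; i < n; i++)
		if (!strcmp(tbl[i], s))
			return (int)i;
	return -ENODATA;
}

enum se_mode { SE_MODE_POS, SE_MODE_NEG, SE_MODE_DIFF };
static const char *const se_names[] = { "se-pos", "se-neg", "diff" };

/* Resolve the mode, then map it to the register value used in the patch. */
static int se_mode_regval(const char *propname)
{
	int mode = match_string_prop(propname, se_names, 3);

	if (mode < 0)
		return mode;
	switch (mode) {
	case SE_MODE_POS:  return 6;
	case SE_MODE_NEG:  return 9;
	case SE_MODE_DIFF: return 12;
	default:           return -EINVAL;
	}
}
```

Because the index and the error share one return value, a caller cannot reach the string comparison without first passing the error check.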