pinctrl: renesas:fix possible null pointer dereference struct pinmux_range *

Message ID 20210207150736.24382-1-alex_luca@163.com
State New
Headers show
Series
  • pinctrl: renesas:fix possible null pointer dereference struct pinmux_range *
Related show

Commit Message

Alex Feb. 7, 2021, 3:07 p.m.
From: Zhang Kun <zhangkun@cdjrlc.com>

The parameters of  sh_pfc_enum_in_range() pinmux_range *r should be checked
first for possible null ponter, especially when PINMUX_TYPE_FUNCTION as the
pinmux_type was passed by sh_pfc_config_mux().

Signed-off-by: Zhang Kun <zhangkun@cdjrlc.com>
---
 drivers/pinctrl/renesas/core.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Geert Uytterhoeven Feb. 9, 2021, 2:12 p.m. | #1
Hi Alex,

Thanks for your patch!

On Sun, Feb 7, 2021 at 4:08 PM <alex_luca@163.com> wrote:
> From: Zhang Kun <zhangkun@cdjrlc.com>

>

> The parameters of  sh_pfc_enum_in_range() pinmux_range *r should be checked

> first for possible null ponter, especially when PINMUX_TYPE_FUNCTION as the

> pinmux_type was passed by sh_pfc_config_mux().


If pinmux_type in sh_pfc_config_mux() is PINMUX_TYPE_FUNCTION or
PINMUX_TYPE_GPIO, range is indeed NULL.
But as the call

    in_range = sh_pfc_enum_in_range(enum_id, range);

is not done in case of these pinmux types, I don't see where the
problem is.  What am I missing?

> Signed-off-by: Zhang Kun <zhangkun@cdjrlc.com>


As you picked up a patch from Zhang, you should add your own SoB here.

> --- a/drivers/pinctrl/renesas/core.c

> +++ b/drivers/pinctrl/renesas/core.c

> @@ -128,6 +128,9 @@ int sh_pfc_get_pin_index(struct sh_pfc *pfc, unsigned int pin)

>

>  static int sh_pfc_enum_in_range(u16 enum_id, const struct pinmux_range *r)

>  {

> +       if (!r)

> +               return 0;

> +

>         if (enum_id < r->begin)

>                 return 0;


Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
Alex Feb. 9, 2021, 2:26 p.m. | #2
On 2/9/21 10:12 PM, Geert Uytterhoeven wrote:
> Hi Alex,

> 

> Thanks for your patch!

> 

> On Sun, Feb 7, 2021 at 4:08 PM <alex_luca@163.com> wrote:

>> From: Zhang Kun <zhangkun@cdjrlc.com>

>>

>> The parameters of  sh_pfc_enum_in_range() pinmux_range *r should be checked

>> first for possible null ponter, especially when PINMUX_TYPE_FUNCTION as the

>> pinmux_type was passed by sh_pfc_config_mux().

> 

> If pinmux_type in sh_pfc_config_mux() is PINMUX_TYPE_FUNCTION or

> PINMUX_TYPE_GPIO, range is indeed NULL.

> But as the call

> 

>     in_range = sh_pfc_enum_in_range(enum_id, range);

> 

> is not done in case of these pinmux types, I don't see where the

> problem is.  What am I missing?

> 


Oh, you are right. I think I know what I missed.
Thank you.

Alex

Patch

diff --git a/drivers/pinctrl/renesas/core.c b/drivers/pinctrl/renesas/core.c
index 2cc457279345..40bbc8366668 100644
--- a/drivers/pinctrl/renesas/core.c
+++ b/drivers/pinctrl/renesas/core.c
@@ -128,6 +128,9 @@  int sh_pfc_get_pin_index(struct sh_pfc *pfc, unsigned int pin)
 
 static int sh_pfc_enum_in_range(u16 enum_id, const struct pinmux_range *r)
 {
+	if (!r)
+		return 0;
+
 	if (enum_id < r->begin)
 		return 0;