On Thursday, May 18, 2017 06:01 PM, jiada_w...@mentor.com wrote:
From: Jiada Wang <jiada_w...@mentor.com>
In case either transfer->tx_buf or transfer->rx_buf is NULL,
manipulation of buffer in spi_imx_u32_swap_u[8|16]() will cause
NULL pointer dereference crash.
Add buffer check at very beginning of spi_imx_u32_swap_u[8|16](),
to avoid such crash.
Signed-off-by: Jiada Wang <jiada_w...@mentor.com>
Reported-by: Leonard Crestez <leonard.cres...@nxp.com>
---
drivers/spi/spi-imx.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 782045f..19b30cf 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -288,6 +288,9 @@ static void spi_imx_u32_swap_u8(struct spi_transfer
*transfer, u32 *buf)
{
int i;
+ if (!buf)
+ return;
+
for (i = 0; i < transfer->len / 4; i++)
*(buf + i) = cpu_to_be32(*(buf + i));
}
@@ -296,6 +299,9 @@ static void spi_imx_u32_swap_u16(struct spi_transfer
*transfer, u32 *buf)
{
int i;
+ if (!buf)
+ return;
+
for (i = 0; i < transfer->len / 4; i++) {
u16 *temp = (u16 *)buf;
Hi, thanks for the patch.
But I think we missing something here. We return from a void function()
so the error keeps hidden. The root cause is calling this functions with a NULL
pointer. See if you can fix this by find the caller and check if the parameter
hand over are valid.
Cheers
Chris
--
GTSYS Limited RFID Technology
9/F, Unit E, R07, Kwai Shing Industrial Building Phase 2,
42-46 Tai Lin Pai Road, Kwai Chung, N.T., Hong Kong
Tel (852) 9079 9521
Disclaimer: http://www.gtsys.com.hk/email/classified.html
