A malformed device tree could lead into a segmentation fault if the reg
value of a led is bigger than the number of leds.
A valid device tree could have only information about the last led of the
chip. Fix the device tree parsing to handle those cases.
Signed-off-by: Ricardo Ribalda Delgado <ricardo.riba...@gmail.com>
---
drivers/leds/leds-pca963x.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/leds/leds-pca963x.c b/drivers/leds/leds-pca963x.c
index edd9f45..384a4f9 100644
--- a/drivers/leds/leds-pca963x.c
+++ b/drivers/leds/leds-pca963x.c
@@ -284,13 +284,13 @@ pca963x_dt_init(struct i2c_client *client, struct
pca963x_chipdef *chip)
u32 reg;
int res;
+ res = of_property_read_u32(child, "reg", ®);
+ if ((res != 0) || (reg >= chip->n_leds))
+ continue;
led.name =
of_get_property(child, "label", NULL) ? : child->name;
led.default_trigger =
of_get_property(child, "linux,default-trigger", NULL);
- res = of_property_read_u32(child, "reg", ®);
- if (res != 0)
- continue;
pca963x_leds[reg] = led;
}
pdata = devm_kzalloc(&client->dev,
@@ -299,7 +299,7 @@ pca963x_dt_init(struct i2c_client *client, struct
pca963x_chipdef *chip)
return ERR_PTR(-ENOMEM);
pdata->leds.leds = pca963x_leds;
- pdata->leds.num_leds = count;
+ pdata->leds.num_leds = chip->n_leds;
/* default to open-drain unless totem pole (push-pull) is specified */
if (of_property_read_bool(np, "nxp,totem-pole"))
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
