On Thu, Sep 16, 2010 at 04:50:05PM +0800, Zang Roy-R61911 wrote:
> > On Thu, Sep 16, 2010 at 02:41:23PM +0800, Roy Zang wrote:
> > [...]
> > > -static int __devinit fsl_elbc_chip_probe(struct fsl_elbc_ctrl *ctrl,
> > > - struct device_node *node)
> > > +/*
> > > + * Currently only one elbc probe is supported.
> > > + */
> > > +static int __devinit fsl_elbc_nand_probe(struct platform_device *dev)
> > > {
> > > - struct fsl_lbc_regs __iomem *lbc = ctrl->regs;
> > > + struct fsl_lbc_regs __iomem *lbc;
> > > struct fsl_elbc_mtd *priv;
> > > struct resource res;
> > > + struct fsl_elbc_fcm_ctrl *elbc_fcm_ctrl = NULL;
> > [...]
> > > - ctrl->chips[bank] = priv;
> > > + if (fsl_lbc_ctrl_dev->nand == NULL) {
> > > + elbc_fcm_ctrl = kzalloc(sizeof(*elbc_fcm_ctrl), GFP_KERNEL);
> > > + if (!elbc_fcm_ctrl) {
> > [...]
> > > + goto err;
> > > + }
> > > + fsl_lbc_ctrl_dev->nand = elbc_fcm_ctrl;
> > > + }
> > > +
> > > + elbc_fcm_ctrl->chips[bank] = priv;
> >
> > Again, this will oops on the second probe.
> Why?
Because of a NULL dereference ("elbc_fcm_ctrl->").
I understand that you don't have to believe me, but will you believe
a compiler?
oksana:~$ cat a.c
#include <stdio.h>
#include <malloc.h>
char *foo;
void probe(void)
{
char *bar = NULL;
if (!foo) {
bar = malloc(sizeof(*bar));
if (!bar)
return;
foo = bar;
}
*bar = 'a';
}
int main(void)
{
probe();
probe();
return 0;
}
oksana:~$ gcc a.c && ./a.out
Segmentation fault
--
Anton Vorontsov
email: cbouatmai...@gmail.com
irc://irc.freenode.net/bd2
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
