mtd: pxa3xx_nand: NULL dereference in pxa3xx_nand_probe

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

"info->cmdset" gets dereferenced in __readid() so it needs to be
initialized earlier in the function. This bug was introduced in
18c81b1828f8 "mtd: pxa3xx_nand: remove the flash info in driver
structure".

Cc: stable@kernel.org [2.6.37+]
Reported-and-tested-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

authored by

Dan Carpenter and committed by

David Woodhouse 15 years ago 52d039fd a121f643

+1 -1

1 changed file

expand all

drivers

mtd

nand

pxa3xx_nand.c

+1 -1

drivers/mtd/nand/pxa3xx_nand.c

··· 885 885 /* set info fields needed to __readid */ 886 886 info->read_id_bytes = (info->page_size == 2048) ? 4 : 2; 887 887 info->reg_ndcr = ndcr; 888 + info->cmdset = &default_cmdset; 888 889 889 890 if (__readid(info, &id)) 890 891 return -ENODEV; ··· 916 915 917 916 info->ndtr0cs0 = nand_readl(info, NDTR0CS0); 918 917 info->ndtr1cs0 = nand_readl(info, NDTR1CS0); 919 - info->cmdset = &default_cmdset; 920 918 921 919 return 0; 922 920 }