Re: [PATCH] iio: mcp320x: Fix NULL pointer dereference
From: Michael Welling
Date: Mon Jul 13 2015 - 10:16:33 EST
On Fri, Jul 10, 2015 at 10:55:30PM +0200, Manfred Schlaegl wrote:
> On reading in_voltage_scale of we got an NULL pointer dereference Oops.
>
> The reason for this is, that mcp320x_read_raw tries to access
> chip_info->resolution from struct mcp320x, but chip_info is never set.
>
> chip_info was never set since the driver was added, but there was no
> acute problem, because it was not referenced.
> The acute problem exists since
> b12206e917ac34bec41b9ff93d37d8bd53a2b3bc
> iio: adc: mcp320x. Add support for more ADCs
>
> This patch fixes the issue by setting chip_info in mcp320x_probe.
>
> Signed-off-by: Manfred Schlaegl <manfred.schlaegl@xxxxxx>
> ---
> drivers/iio/adc/mcp320x.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/iio/adc/mcp320x.c b/drivers/iio/adc/mcp320x.c
> index 8d9c9b9..d819823 100644
> --- a/drivers/iio/adc/mcp320x.c
> +++ b/drivers/iio/adc/mcp320x.c
> @@ -299,6 +299,8 @@ static int mcp320x_probe(struct spi_device *spi)
> indio_dev->channels = chip_info->channels;
> indio_dev->num_channels = chip_info->num_channels;
>
> + adc->chip_info = chip_info;
> +
Looks good to me.
Reviewed-by: Michael Welling <mwelling@xxxxxxxx>
> adc->transfer[0].tx_buf = &adc->tx_buf;
> adc->transfer[0].len = sizeof(adc->tx_buf);
> adc->transfer[1].rx_buf = adc->rx_buf;
> --
> 1.7.10.4
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/