From d58ab5cf09679d8cb4824e22cae900c0eab5ab31 Mon Sep 17 00:00:00 2001 From: Atsushi Nemoto Date: Tue, 10 Mar 2009 12:55:55 -0700 Subject: mtd: physmap: fix NULL pointer dereference in error path commit e480814f138cd5d78a8efe397756ba6b6518fdb6 ("[MTD] [MAPS] physmap: fix wrong free and del_mtd_{partition,device}") introduces a NULL pointer dereference in physmap_flash_remove when called from the error path in physmap_flash_probe (if map_probe failed). Call del_mtd_{partition,device} only if info->cmtd was not NULL. Reported-by: pHilipp Zabel Signed-off-by: Atsushi Nemoto Cc: David Woodhouse Cc: "Rafael J. Wysocki" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/mtd/maps/physmap.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'drivers/mtd/maps/physmap.c') diff --git a/drivers/mtd/maps/physmap.c b/drivers/mtd/maps/physmap.c index 4b122e7ab4b3..229718222db7 100644 --- a/drivers/mtd/maps/physmap.c +++ b/drivers/mtd/maps/physmap.c @@ -46,16 +46,19 @@ static int physmap_flash_remove(struct platform_device *dev) physmap_data = dev->dev.platform_data; + if (info->cmtd) { #ifdef CONFIG_MTD_PARTITIONS - if (info->nr_parts) { - del_mtd_partitions(info->cmtd); - kfree(info->parts); - } else if (physmap_data->nr_parts) - del_mtd_partitions(info->cmtd); - else - del_mtd_device(info->cmtd); + if (info->nr_parts || physmap_data->nr_parts) + del_mtd_partitions(info->cmtd); + else + del_mtd_device(info->cmtd); #else - del_mtd_device(info->cmtd); + del_mtd_device(info->cmtd); +#endif + } +#ifdef CONFIG_MTD_PARTITIONS + if (info->nr_parts) + kfree(info->parts); #endif #ifdef CONFIG_MTD_CONCAT -- cgit v1.2.3