* [PATCH 2/7] USB: gadget: composite: avoid possible NULL ptr dereference
2016-07-06 18:44 [PATCH 1/7] compiler: avoid redefining symbols when running with checker Lucas Stach
@ 2016-07-06 18:44 ` Lucas Stach
2016-07-06 18:44 ` [PATCH 3/7] video: displaytimings: don't double free display timings Lucas Stach
` (4 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Lucas Stach @ 2016-07-06 18:44 UTC (permalink / raw)
To: barebox
Check if g is valid before trying to dereference it.
Signed-off-by: Lucas Stach <dev@lynxeye.de>
---
drivers/usb/gadget/composite.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
index 9e38ac4..1cfc49d 100644
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -86,7 +86,7 @@ int config_ep_by_speed(struct usb_gadget *g,
struct usb_function *f,
struct usb_ep *_ep)
{
- struct usb_composite_dev *cdev = get_gadget_data(g);
+ struct usb_composite_dev *cdev;
struct usb_endpoint_descriptor *chosen_desc = NULL;
struct usb_descriptor_header **speed_desc = NULL;
@@ -98,6 +98,8 @@ int config_ep_by_speed(struct usb_gadget *g,
if (!g || !f || !_ep)
return -EIO;
+ cdev = get_gadget_data(g);
+
/* select desired speed */
switch (g->speed) {
case USB_SPEED_SUPER:
--
2.7.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 3/7] video: displaytimings: don't double free display timings
2016-07-06 18:44 [PATCH 1/7] compiler: avoid redefining symbols when running with checker Lucas Stach
2016-07-06 18:44 ` [PATCH 2/7] USB: gadget: composite: avoid possible NULL ptr dereference Lucas Stach
@ 2016-07-06 18:44 ` Lucas Stach
2016-07-07 6:52 ` Sascha Hauer
2016-07-06 18:44 ` [PATCH 4/7] imx-bbu-nand-fcb: don't drop error return code Lucas Stach
` (3 subsequent siblings)
5 siblings, 1 reply; 9+ messages in thread
From: Lucas Stach @ 2016-07-06 18:44 UTC (permalink / raw)
To: barebox
display_timings_release() already frees the disp struct, make sure
to not try to free it again in case of an error.
Signed-off-by: Lucas Stach <dev@lynxeye.de>
---
drivers/video/of_display_timing.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/video/of_display_timing.c b/drivers/video/of_display_timing.c
index 6a5bf62..6532dd5 100644
--- a/drivers/video/of_display_timing.c
+++ b/drivers/video/of_display_timing.c
@@ -163,7 +163,8 @@ struct display_timings *of_get_display_timings(struct device_node *np)
*/
pr_err("%s: error in timing %d\n",
np->full_name, disp->num_modes + 1);
- goto timingfail;
+ display_timings_release(disp);
+ return NULL;
}
mode->name = xstrdup(entry->name);
@@ -180,8 +181,6 @@ struct display_timings *of_get_display_timings(struct device_node *np)
return disp;
-timingfail:
- display_timings_release(disp);
entryfail:
free(disp);
--
2.7.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 3/7] video: displaytimings: don't double free display timings
2016-07-06 18:44 ` [PATCH 3/7] video: displaytimings: don't double free display timings Lucas Stach
@ 2016-07-07 6:52 ` Sascha Hauer
0 siblings, 0 replies; 9+ messages in thread
From: Sascha Hauer @ 2016-07-07 6:52 UTC (permalink / raw)
To: Lucas Stach; +Cc: barebox
On Wed, Jul 06, 2016 at 08:44:36PM +0200, Lucas Stach wrote:
> display_timings_release() already frees the disp struct, make sure
> to not try to free it again in case of an error.
>
> Signed-off-by: Lucas Stach <dev@lynxeye.de>
> ---
> drivers/video/of_display_timing.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/video/of_display_timing.c b/drivers/video/of_display_timing.c
> index 6a5bf62..6532dd5 100644
> --- a/drivers/video/of_display_timing.c
> +++ b/drivers/video/of_display_timing.c
> @@ -163,7 +163,8 @@ struct display_timings *of_get_display_timings(struct device_node *np)
> */
> pr_err("%s: error in timing %d\n",
> np->full_name, disp->num_modes + 1);
> - goto timingfail;
> + display_timings_release(disp);
> + return NULL;
> }
>
> mode->name = xstrdup(entry->name);
> @@ -180,8 +181,6 @@ struct display_timings *of_get_display_timings(struct device_node *np)
>
> return disp;
>
> -timingfail:
> - display_timings_release(disp);
> entryfail:
> free(disp);
Can't we just always use display_timings_release() instead of free?
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 4/7] imx-bbu-nand-fcb: don't drop error return code
2016-07-06 18:44 [PATCH 1/7] compiler: avoid redefining symbols when running with checker Lucas Stach
2016-07-06 18:44 ` [PATCH 2/7] USB: gadget: composite: avoid possible NULL ptr dereference Lucas Stach
2016-07-06 18:44 ` [PATCH 3/7] video: displaytimings: don't double free display timings Lucas Stach
@ 2016-07-06 18:44 ` Lucas Stach
2016-07-06 18:44 ` [PATCH 5/7] imx-bbu-nand-fcb: avoid double free of dbbt_entries Lucas Stach
` (2 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Lucas Stach @ 2016-07-06 18:44 UTC (permalink / raw)
To: barebox
bit_to_flip might be negative if any uncorrectable bitflips
occured. Use int instead of unsigned type in order to properly
propagate the error.
Signed-off-by: Lucas Stach <dev@lynxeye.de>
---
common/imx-bbu-nand-fcb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/imx-bbu-nand-fcb.c b/common/imx-bbu-nand-fcb.c
index 72b7b0e..ce00ed4 100644
--- a/common/imx-bbu-nand-fcb.c
+++ b/common/imx-bbu-nand-fcb.c
@@ -259,8 +259,8 @@ static ssize_t raw_write_page(struct mtd_info *mtd, void *buf, loff_t offset)
static int read_fcb(struct mtd_info *mtd, int num, struct fcb_block **retfcb)
{
int i;
- int bitflips = 0;
- u8 parity, np, syndrome, bit_to_flip;
+ int bitflips = 0, bit_to_flip;
+ u8 parity, np, syndrome;
u8 *fcb, *ecc;
int ret;
void *rawpage;
--
2.7.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 5/7] imx-bbu-nand-fcb: avoid double free of dbbt_entries
2016-07-06 18:44 [PATCH 1/7] compiler: avoid redefining symbols when running with checker Lucas Stach
` (2 preceding siblings ...)
2016-07-06 18:44 ` [PATCH 4/7] imx-bbu-nand-fcb: don't drop error return code Lucas Stach
@ 2016-07-06 18:44 ` Lucas Stach
2016-07-06 18:44 ` [PATCH 6/7] clk: fix misleading indenting Lucas Stach
2016-07-06 18:44 ` [PATCH 7/7] blspec: use correct return type Lucas Stach
5 siblings, 0 replies; 9+ messages in thread
From: Lucas Stach @ 2016-07-06 18:44 UTC (permalink / raw)
To: barebox
The error path properly frees them already.
Signed-off-by: Lucas Stach <dev@lynxeye.de>
---
common/imx-bbu-nand-fcb.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/common/imx-bbu-nand-fcb.c b/common/imx-bbu-nand-fcb.c
index ce00ed4..1db4c5a 100644
--- a/common/imx-bbu-nand-fcb.c
+++ b/common/imx-bbu-nand-fcb.c
@@ -658,7 +658,6 @@ static int dbbt_check(struct mtd_info *mtd, int page)
needs_cleanup = 1;
} else if (ret < 0) {
pr_err("Cannot read page %d: %s\n", page, strerror(-ret));
- free(dbbt_entries);
goto out;
}
} else {
--
2.7.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 6/7] clk: fix misleading indenting
2016-07-06 18:44 [PATCH 1/7] compiler: avoid redefining symbols when running with checker Lucas Stach
` (3 preceding siblings ...)
2016-07-06 18:44 ` [PATCH 5/7] imx-bbu-nand-fcb: avoid double free of dbbt_entries Lucas Stach
@ 2016-07-06 18:44 ` Lucas Stach
2016-07-06 18:44 ` [PATCH 7/7] blspec: use correct return type Lucas Stach
5 siblings, 0 replies; 9+ messages in thread
From: Lucas Stach @ 2016-07-06 18:44 UTC (permalink / raw)
To: barebox
Signed-off-by: Lucas Stach <dev@lynxeye.de>
---
drivers/clk/clkdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/clkdev.c b/drivers/clk/clkdev.c
index d9a1c21..1bc5c6d 100644
--- a/drivers/clk/clkdev.c
+++ b/drivers/clk/clkdev.c
@@ -181,8 +181,8 @@ struct clk *clk_get(struct device_d *dev, const char *con_id)
if (dev) {
clk = of_clk_get_by_name(dev->device_node, con_id);
- if (!IS_ERR(clk))
- return clk;
+ if (!IS_ERR(clk))
+ return clk;
}
return clk_get_sys(dev_id, con_id);
--
2.7.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 7/7] blspec: use correct return type
2016-07-06 18:44 [PATCH 1/7] compiler: avoid redefining symbols when running with checker Lucas Stach
` (4 preceding siblings ...)
2016-07-06 18:44 ` [PATCH 6/7] clk: fix misleading indenting Lucas Stach
@ 2016-07-06 18:44 ` Lucas Stach
2016-07-07 7:43 ` Sascha Hauer
5 siblings, 1 reply; 9+ messages in thread
From: Lucas Stach @ 2016-07-06 18:44 UTC (permalink / raw)
To: barebox
Signed-off-by: Lucas Stach <dev@lynxeye.de>
---
common/blspec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/blspec.c b/common/blspec.c
index bf98e6b..04b20fb 100644
--- a/common/blspec.c
+++ b/common/blspec.c
@@ -253,7 +253,7 @@ static bool entry_is_of_compatible(struct blspec_entry *entry)
const char *abspath;
size_t size;
void *fdt = NULL;
- int ret;
+ bool ret;
struct device_node *root = NULL, *barebox_root;
const char *compat;
char *filename;
--
2.7.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 7/7] blspec: use correct return type
2016-07-06 18:44 ` [PATCH 7/7] blspec: use correct return type Lucas Stach
@ 2016-07-07 7:43 ` Sascha Hauer
0 siblings, 0 replies; 9+ messages in thread
From: Sascha Hauer @ 2016-07-07 7:43 UTC (permalink / raw)
To: Lucas Stach; +Cc: barebox
On Wed, Jul 06, 2016 at 08:44:40PM +0200, Lucas Stach wrote:
> Signed-off-by: Lucas Stach <dev@lynxeye.de>
> ---
> common/blspec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/common/blspec.c b/common/blspec.c
> index bf98e6b..04b20fb 100644
> --- a/common/blspec.c
> +++ b/common/blspec.c
> @@ -253,7 +253,7 @@ static bool entry_is_of_compatible(struct blspec_entry *entry)
> const char *abspath;
> size_t size;
> void *fdt = NULL;
> - int ret;
> + bool ret;
> struct device_node *root = NULL, *barebox_root;
> const char *compat;
> char *filename;
I suspect this is not the only bug in this function. We also do a:
root = of_unflatten_dtb(fdt);
if (IS_ERR(root)) {
ret = PTR_ERR(root);
goto out;
}
...
out:
return ret;
So we return 'true' when we failed unflattening the device tree, this surely
is not intended. Should the function return int instead?
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 9+ messages in thread