On Tue, Jan 9, 2024 at 4:52 PM Rand Deeb <rand.sec96@xxxxxxxxx> wrote:
>
> In the npcm_i2c_reg_slave function, a potential NULL pointer dereference
> issue occurs when 'client' is NULL. This patch adds a proper NULL check for
> 'client' at the beginning of the function to prevent undefined behavior.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Rand Deeb <rand.sec96@xxxxxxxxx>
> ---
> drivers/i2c/busses/i2c-npcm7xx.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/i2c/busses/i2c-npcm7xx.c b/drivers/i2c/busses/i2c-npcm7xx.c
> index c1b679737240..cfabfb50211d 100644
> --- a/drivers/i2c/busses/i2c-npcm7xx.c
> +++ b/drivers/i2c/busses/i2c-npcm7xx.c
> @@ -1243,13 +1243,14 @@ static irqreturn_t npcm_i2c_int_slave_handler(struct npcm_i2c *bus)
> static int npcm_i2c_reg_slave(struct i2c_client *client)
> {
> unsigned long lock_flags;
> - struct npcm_i2c *bus = i2c_get_adapdata(client->adapter);
> -
> - bus->slave = client;
> + struct npcm_i2c *bus;
>
> - if (!bus->slave)
> + if (!client)
> return -EINVAL;
>
> + bus = i2c_get_adapdata(client->adapter);
> + bus->slave = client;
> +
> if (client->flags & I2C_CLIENT_TEN)
> return -EAFNOSUPPORT;
>
> --
> 2.34.1
>
Thanks for the patch!
Reviewed-by:tali.perry1@xxxxxxxxx
