On 09/10/2012 10:02 AM, Kim, Milo wrote:
> The datasheet name is defined in the IIO driver.
> On the other hand, the adc_channel_label is configured in
> the platform machine side.
> If the datasheet name is not matched with any adc_channel_label,
> the iio_channel_get() should be returned as error for preventing
> using invalid IIO channel data.
>
> Moreover, this patch detects NULL pointer dereference problem at early time.
> In general, the IIO driver just accesses to any member of the iio_chan_spec
> in own xxx_read_raw() function.
> If the iio_chan_spec is invalid pointer, NULL dereference problem may occur
> such like 'iio_chan_spec->channel' or 'iio_chan_spec->type'.
> If the iio_channel_get() gets failed in the IIO consumer,
> then no read_raw() operation proceeds.
>
> Signed-off-by: Milo(Woogyom) Kim <milo.kim@xxxxxx>
> ---
> drivers/iio/inkern.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iio/inkern.c b/drivers/iio/inkern.c
> index 1faa240..a5caf6b 100644
> --- a/drivers/iio/inkern.c
> +++ b/drivers/iio/inkern.c
> @@ -136,11 +136,15 @@ struct iio_channel *iio_channel_get(const char *name, const char *channel_name)
>
> channel->indio_dev = c->indio_dev;
>
> - if (c->map->adc_channel_label)
> + if (c->map->adc_channel_label) {
> channel->channel =
> iio_chan_spec_from_name(channel->indio_dev,
> c->map->adc_channel_label);
>
> + if (channel->channel == NULL)
> + return ERR_PTR(-ENODEV);
This introduces a memory leak. You need to free channel before returning.
> + }
> +
> return channel;
> }
> EXPORT_SYMBOL_GPL(iio_channel_get);
--
To unsubscribe from this list: send the line "unsubscribe linux-iio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
