On Tue, May 17, 2022 at 11:43:00PM -0700, Yongzhi Liu wrote: > The return value of vadc_get_channel() needs to be checked > to avoid use of NULL pointer, which is followed by > the caller 'vadc_do_conversion' of function 'vadc_configure'. > Fix this by adding the null pointer check on prop > in function 'vadc_configure'. > > Signed-off-by: Yongzhi Liu <lyz_cs@xxxxxxxxxx> > --- > drivers/iio/adc/qcom-spmi-vadc.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/iio/adc/qcom-spmi-vadc.c b/drivers/iio/adc/qcom-spmi-vadc.c > index 34202ba..d99bd72 100644 > --- a/drivers/iio/adc/qcom-spmi-vadc.c > +++ b/drivers/iio/adc/qcom-spmi-vadc.c > @@ -210,6 +210,9 @@ static int vadc_configure(struct vadc_priv *vadc, > u8 decimation, mode_ctrl; > int ret; > > + if (!prop) > + return -ENODEV; > + > /* Mode selection */ > mode_ctrl = (VADC_OP_MODE_NORMAL << VADC_OP_MODE_SHIFT) | > VADC_ADC_TRIM_EN | VADC_AMUX_TRIM_EN; Shouldn't the check be done in vadc_measure_ref_points() where 'prop' is obtained, rather than deep down in the call chain? For example vadc_do_conversion() would also dereference the NULL pointer unless one of the prior function calls fails.
