A report from Colin Ian King pointed out a CoverityScan issue where error values on these helpers were not checked in the drivers. These helpers could error out only in case of a software bug in driver code, not because of a runtime/hardware error, but in any case it is safer to handle these errors properly.

Fix the VF610 NAND controller driver implementation by checking potential negative error values coming from these helpers.

Fixes: 1cbe30b0ddc7 ("mtd: rawnand: vf610_nfc: make use of ->exec_op()")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Miquel Raynal <miquel.raynal@xxxxxxxxxxx>

--- drivers/mtd/nand/raw/vf610_nfc.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/mtd/nand/raw/vf610_nfc.c b/drivers/mtd/nand/raw/vf610_nfc.c index d5a22fc96878..cc88ed758685 100644 --- a/drivers/mtd/nand/raw/vf610_nfc.c +++ b/drivers/mtd/nand/raw/vf610_nfc.c @@ -398,6 +398,9 @@ static int vf610_nfc_cmd(struct nand_chip *chip, int naddrs = nand_subop_get_num_addr_cyc(subop, op_id); int i = nand_subop_get_addr_start_off(subop, op_id); + if (naddrs < 0 || i < 0) + return -EINVAL; + for (; i < naddrs; i++) { u8 val = instr->ctx.addr.addrs[i]; @@ -414,6 +417,9 @@ static int vf610_nfc_cmd(struct nand_chip *chip, if (instr && instr->type == NAND_OP_DATA_OUT_INSTR) { trfr_sz = nand_subop_get_data_len(subop, op_id); offset = nand_subop_get_data_start_off(subop, op_id); + if (trfr_sz < 0 || offset < 0) + return -EINVAL; + force8bit = instr->ctx.data.force_8bit; /* @@ -444,6 +450,9 @@ static int vf610_nfc_cmd(struct nand_chip *chip, if (instr && instr->type == NAND_OP_DATA_IN_INSTR) { trfr_sz = nand_subop_get_data_len(subop, op_id); offset = nand_subop_get_data_start_off(subop, op_id); + if (trfr_sz < 0 || offset < 0) + return -EINVAL; + force8bit = instr->ctx.data.force_8bit; code |= COMMAND_READ_DATA; -- 2.14.1
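
Review bot: in the first hunk (@@ -398), the combined test "if (naddrs < 0 || i < 0)" replaces whatever negative code the helper returned with a fixed -EINVAL, so the caller cannot tell which of nand_subop_get_num_addr_cyc() or nand_subop_get_addr_start_off() failed. Since the commit message says these only fail on a driver bug, checking each value separately and returning it as-is would make that bug easier to locate. Separately, the unchanged loop "for (; i < naddrs; i++)" compares a start offset against a cycle count; it is worth confirming that this bound is intended when the start offset is non-zero, because addrs[i] is indexed by it.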
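
Review bot: in the second hunk (@@ -414, the NAND_OP_DATA_OUT_INSTR branch), "if (trfr_sz < 0 || offset < 0)" only has an effect if trfr_sz and offset are signed, and their declarations are outside the visible context. If either is an unsigned type, the comparison is always false and a negative helper return would be carried forward as a very large length or offset. Please confirm both are plain int, or store each helper result in a local int and test that before assigning.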
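
Review bot: in the third hunk (@@ -444, the NAND_OP_DATA_IN_INSTR branch), the three added lines duplicate the DATA_OUT check exactly, after the same pair of calls to nand_subop_get_data_len() and nand_subop_get_data_start_off(). A small static helper that fetches both values and returns the error would keep the two branches from drifting apart. The placement before "code |= COMMAND_READ_DATA" is right, since nothing in the visible lines of this branch is modified before the early return.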