mci_part_add records information about MMC hardware partitions and increments mci->nr_parts by one afterwards. If starting up the card succeeds, this information is then used to call mci_register_partition for each added partition. If card start up fails, registration will be skipped, but mci->nr_parts is not reset. This means that repeatedly calling device_detect will overflow the mci->part buffer and overwrite subsequent memory. Fix this by setting mci->nr_parts to zero on error. We don't need to touch mci->part as it will be overwritten by subsequent detect attempts. Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> --- drivers/mci/mci-core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mci/mci-core.c b/drivers/mci/mci-core.c index f6565b2b64dd..66ca98a414ce 100644 --- a/drivers/mci/mci-core.c +++ b/drivers/mci/mci-core.c @@ -2363,6 +2363,7 @@ static int mci_card_probe(struct mci *mci) host->clock = 0; /* disable the MCI clock */ mci_set_ios(mci); regulator_disable(host->supply); + mci->nr_parts = 0; } return rc; -- 2.39.2
