[lvc-project] [PATCH] i2c: Fix NULL pointer dereference in npcm_i2c_reg_slave

Fedor Pchelkin pchelkin at ispras.ru
Tue Jan 9 19:29:28 MSK 2024


On 24/01/09 06:25PM, Fedor Pchelkin wrote:
> Hi Rand,
> 
> On 24/01/09 05:51PM, Rand Deeb wrote:
> > In the npcm_i2c_reg_slave function, a potential NULL pointer dereference
> > issue occurs when 'client' is NULL. This patch adds a proper NULL check for
> > 'client' at the beginning of the function to prevent undefined behavior.
> 
> Could you please explain how npcm_i2c_reg_slave() can be called with a
> potential NULL argument?
> 
> It is called via a function pointer ->reg_slave. As for the 6.7 release, I
> can only see it called from i2c_slave_register() here [1], and it seems
> client definitely can't be NULL there.
> 
> Maybe it can happen for another kernel release (not upstream)?
> 
> [1]: https://elixir.bootlin.com/linux/latest/source/drivers/i2c/i2c-core-slave.c#L48

Just checked the related code from 5.10. And still can't see the problem
your patch is fixing.

Moreover, if the problem actually existed then other drivers
implementing the ->reg_slave function also would need the fix... So the
questions from my first reply still remain.


