Bug 200555
| Summary: | Missing check of the return value of devm_regmap_init_i2c() in drivers/iio/magnetometer/hmc5843_i2c.c | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | Jason Wood (jasonwood2031) |
| Component: | IIO | Assignee: | Virtual Assignee for Drivers/IIO (drivers_iio) |
| Status: | RESOLVED PATCH_ALREADY_AVAILABLE | ||
| Severity: | normal | CC: | andy.shevchenko |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | v4.18-rc4 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
We have sent the patch to the developers. Currently, we're formatting the patch according to the Linux development documentation. |
Function hmc5843_i2c_probe() defined in drivers/iio/magnetometer/hmc5843_i2c.c calls devm_regmap_init_i2c() which need a return value check. The returned value is dereferenced in 3 function call deeper. However, return value check is missed. Codes related to this bug are shown as follows. drivers/iio/magnetometer/hmc5843_i2c.c: 60 { 61 return hmc5843_common_probe(&cli->dev, 62: devm_regmap_init_i2c(cli, &hmc5843_i2c_regmap_config), 63 id->driver_data, id->name); 64 } --- drivers/iio/magnetometer/hmc5843_core.c: 618: int hmc5843_common_probe(struct device *dev, struct regmap *regmap, 619 enum hmc5843_ids id, const char *name) 620 { ... 634 data->regmap = regmap; ... 646 ret = hmc5843_init(data); --- drivers/iio/magnetometer/hmc5843_core.c: 569: static int hmc5843_init(struct hmc5843_data *data) 570 { 571 int ret; 572 u8 id[3]; 573 574 ret = regmap_bulk_read(data->regmap, HMC5843_ID_REG, 575 id, ARRAY_SIZE(id)); --- drivers/base/regmap/regmap.c: 2635: int regmap_bulk_read(struct regmap *map, unsigned int reg, void *val, 2636 size_t val_count) 2637 { 2638 int ret, i; 2639 size_t val_bytes = map->format.val_bytes; Thanks for attention! JW, ZG IMChecker Group, THU