Function devm_clk_get() returns an ERR_PTR when it fails. However, in function bcm_get_resources(), its return value is not checked, and will result in bad memory access. 

Even though the second parameter is NULL, we find that other usages of devm_clk_get(*, NULL) have been checked.

linux-4.18-rc1\drivers\bluetooth\hci_bcm.c
static int bcm_get_resources(struct bcm_device *dev)
{
	const struct dmi_system_id *dmi_id;

	dev->name = dev_name(dev->dev);

	if (x86_apple_machine && !bcm_apple_get_resources(dev))
		return 0;

	dev->clk = devm_clk_get(dev->dev, NULL);

	dev->device_wakeup = devm_gpiod_get_optional(dev->dev, "device-wakeup",
						     GPIOD_OUT_LOW);
	if (IS_ERR(dev->device_wakeup))
		return PTR_ERR(dev->device_wakeup)

linux-4.18-rc1\drivers\bus\imx-weim.c:
  188: 	clk = devm_clk_get(&pdev->dev, NULL);
  189  	if (IS_ERR(clk))
  190  		return PTR_ERR(clk);

ZG
IMChecker Group, THU