[PATCH] drivers: spi: fix deref ater null.might in spi-uclass.c
Tom Rini
trini at konsulko.com
Fri May 16 17:56:55 CEST 2025
On Fri, May 16, 2025 at 03:50:53PM +0300, ant.v.moryakov at gmail.com wrote:
> From: Anton Moryakov <ant.v.moryakov at gmail.com>
>
> The static analyzer (Svace) reported
> After having been compared to a NULL value at spi-uclass.c:465,
> pointer 'dev' is passed as 1st parameter in call to function 'dev_get_flags'
> at spi-uclass.c:469, where it is dereferenced at device.h:240.
>
> Correct explained:
> 1. Added dev && !device_active(dev) check before calling device_active()
> 2. Added explicit if (!dev) check with ret = -ENODEV setting
> 3. Protected logging in error block with if(dev) check
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
> ---
> drivers/spi/spi-uclass.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/spi/spi-uclass.c b/drivers/spi/spi-uclass.c
> index d6049753740..52b79223f96 100644
> --- a/drivers/spi/spi-uclass.c
> +++ b/drivers/spi/spi-uclass.c
> @@ -345,7 +345,7 @@ int spi_get_bus_and_cs(int busnum, int cs, struct udevice **busp,
> return ret;
> }
>
> - if (!device_active(dev)) {
> + if (dev && !device_active(dev)) {
> struct spi_slave *slave;
>
> ret = device_probe(dev);
Given that it looks like from a quick glance most places do not check
for dev before dereferencing perhaps this should be done in
dev_get_flags or so, and a follow-up for the places which had already
been checking.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250516/788c34a9/attachment.sig>
More information about the U-Boot
mailing list