[PATCH] drivers: spi: fix deref after null.might in spi-uclass.c

Tom Rini trini at konsulko.com
Fri May 16 17:56:55 CEST 2025


On Fri, May 16, 2025 at 03:50:53PM +0300, ant.v.moryakov at gmail.com wrote:
> From: Anton Moryakov <ant.v.moryakov at gmail.com>
> 
> The static analyzer (Svace) reported 
> After having been compared to a NULL value at spi-uclass.c:465,
> pointer 'dev' is passed as 1st parameter in call to function 'dev_get_flags' 
> at spi-uclass.c:469, where it is dereferenced at device.h:240.
> 
> Correct explained:
> 1. Added dev && !device_active(dev) check before calling device_active()
> 2. Added explicit if (!dev) check with ret = -ENODEV setting
> 3. Protected logging in error block with if(dev) check
> 
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
> ---
>  drivers/spi/spi-uclass.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/spi/spi-uclass.c b/drivers/spi/spi-uclass.c
> index d6049753740..52b79223f96 100644
> --- a/drivers/spi/spi-uclass.c
> +++ b/drivers/spi/spi-uclass.c
> @@ -345,7 +345,7 @@ int spi_get_bus_and_cs(int busnum, int cs, struct udevice **busp,
>  		return ret;
>  	}
>  
> -	if (!device_active(dev)) {
> +	if (dev && !device_active(dev)) {
>  		struct spi_slave *slave;
>  
>  		ret = device_probe(dev);
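
Review bot: In the `if (dev && !device_active(dev))` condition, a NULL `dev` now simply skips the probe block and execution continues with `dev` still NULL, so this hunk is only safe together with the separate `if (!dev)` / `ret = -ENODEV` check listed as item 2 of the commit message, which is not part of the quoted text. An early `if (!dev) return -ENODEV;` placed directly after the lookup's error return would keep the NULL handling in one place and make the extra `dev &&` unnecessary. The commit message also cites spi-uclass.c:465 and :469 while this hunk sits at line 345, so it should say which tree the analyzer was run against.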

Given that it looks like from a quick glance most places do not check
for dev before dereferencing perhaps this should be done in
dev_get_flags or so, and a follow-up for the places which had already
been checking.

-- 
Tom