lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 06 Mar 2014 10:31:16 +0100
From:	Krzysztof Kozlowski <>
To:	Linus Walleij <>,
	Alexandre Courbot <>,,
Cc:	Krzysztof Kozlowski <>
Subject: [PATCH 2/2] gpio: max732x: Fix possible NULL pointer dereference on
 i2c_new_dummy error

In max732x_probe() driver allocates dummy I2C device (if number of ports
is greater than 8) with i2c_new_dummy() but it does not check the return
value of this call.

In case of error (i2c_new_device(): memory allocation failure or I2C
address cannot be used) this function returns NULL which is later
dereferenced by i2c_smbus_read_byte() (called from max732x_readb()).

Signed-off-by: Krzysztof Kozlowski <>
 drivers/gpio/gpio-max732x.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/gpio/gpio-max732x.c b/drivers/gpio/gpio-max732x.c
index 74432daaf656..7c36f2b0983d 100644
--- a/drivers/gpio/gpio-max732x.c
+++ b/drivers/gpio/gpio-max732x.c
@@ -622,6 +622,13 @@ static int max732x_probe(struct i2c_client *client,
 		goto out_failed;
+	if (nr_port > 8 && !chip->client_dummy) {
+		dev_err(&client->dev,
+			"Failed to allocate second group I2C device\n");
+		ret = -ENODEV;
+		goto out_failed;
+	}
 	max732x_readb(chip, is_group_a(chip, 0), &chip->reg_out[0]);

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists