The "bd" argument of verify_bbt_descr() was dereferenced before it was checked for NULL.
Signed-off-by: Maarten ter Huurne <[email protected]>
---
drivers/mtd/nand/nand_bbt.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/nand_bbt.c b/drivers/mtd/nand/nand_bbt.c
index 6ebd869..fc05f51 100644
--- a/drivers/mtd/nand/nand_bbt.c
+++ b/drivers/mtd/nand/nand_bbt.c
@@ -1101,12 +1101,14 @@ static void mark_bbt_region(struct mtd_info *mtd, struct nand_bbt_descr *td)
static void verify_bbt_descr(struct mtd_info *mtd, struct nand_bbt_descr *bd)
{
struct nand_chip *this = mtd->priv;
- u32 pattern_len = bd->len;
- u32 bits = bd->options & NAND_BBT_NRBITS_MSK;
- u32 table_size;
+ u32 pattern_len, bits, table_size;
if (!bd)
return;
+
+ pattern_len = bd->len;
+ bits = bd->options & NAND_BBT_NRBITS_MSK;
+
BUG_ON((this->options & NAND_USE_FLASH_BBT_NO_OOB) &&
!(this->options & NAND_USE_FLASH_BBT));
BUG_ON(!bits);
--
1.7.1
On Wed, 2011-03-16 at 15:47 +0100, Maarten ter Huurne wrote:
> The "bd" argument of verify_bbt_descr() was dereferenced before it was checked for NULL.
>
> Signed-off-by: Maarten ter Huurne <[email protected]>
Hi, this was fixed in upstream already by another person.
--
Best Regards,
Artem Bityutskiy (Артём Битюцкий)