mtd: physmap_of: fix potential NULL dereference

On device remove, when testing the cmtd field of an of_flash
struct to decide whether it is a concatenated device or not,
we get a false positive on cmtd == NULL, and dereference it
subsequently. This may occur if of_flash_remove() is called
from the cleanup path of of_flash_probe().

Instead, test for NULL first, and only then perform the test
for a concatenated device.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>

diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
index c1d21cb..e489304 100644 (file)
--- a/drivers/mtd/maps/physmap_of.c
+++ b/drivers/mtd/maps/physmap_of.c
@@ -47,14 +47,12 @@ static int of_flash_remove(struct platform_device *dev)
                return 0;
        dev_set_drvdata(&dev->dev, NULL);
 
-       if (info->cmtd != info->list[0].mtd) {
+       if (info->cmtd) {
                mtd_device_unregister(info->cmtd);
-               mtd_concat_destroy(info->cmtd);
+               if (info->cmtd != info->list[0].mtd)
+                       mtd_concat_destroy(info->cmtd);
        }
 
-       if (info->cmtd)
-               mtd_device_unregister(info->cmtd);
-
        for (i = 0; i < info->list_size; i++) {
                if (info->list[i].mtd)
                        map_destroy(info->list[i].mtd);