mtdparts: fix write through NULL pointer
authorWolfgang Denk <wd@denx.de>
Wed, 28 Apr 2010 08:53:47 +0000 (10:53 +0200)
committerWolfgang Denk <wd@denx.de>
Wed, 28 Apr 2010 08:53:47 +0000 (10:53 +0200)
The "mtdparts add" command wrote through a NULL pointer - on many
systems this went unnoticed (PowerPC has writable RAM there, some ARM
systems have ROM where a write has no effect), but on arm1136
(i.MX31) it crashed the system.

Add appropriate checks.

Signed-off-by: Wolfgang Denk <wd@denx.de>
common/cmd_mtdparts.c

index 0b5f747141d9090b18364c0eb2dbb3a1c25309b0..cec154c7020d8595cadac93538a3809456367632 100644 (file)
@@ -837,14 +837,16 @@ static int device_parse(const char *const mtd_dev, const char **ret, struct mtd_
        u32 offset;
        int err = 1;
 
-       p = mtd_dev;
+       DEBUGF("===device_parse===\n");
+
+       assert(retdev);
        *retdev = NULL;
-       *ret = NULL;
 
-       DEBUGF("===device_parse===\n");
+       if (ret)
+               *ret = NULL;
 
        /* fetch <mtd-id> */
-       mtd_id = p;
+       mtd_id = p = mtd_dev;
        if (!(p = strchr(mtd_id, ':'))) {
                printf("no <mtd-id> identifier\n");
                return 1;
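Review bot: The `assert(retdev);` placed before `*retdev = NULL;` protects that store only in builds where assertions are active. If the project's `assert` expands to nothing outside debug builds (worth confirming against its definition), a NULL `retdev` still reaches the write, which is the same fault this commit removes for `ret`. A runtime guard such as `if (!retdev) return 1;` would hold in every build; otherwise a comment should state that `retdev` is a mandatory out-parameter. `mtd_dev` is likewise passed to `strchr()` without a check, and the body of device_parse starts and ends outside this hunk.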
@@ -913,12 +915,15 @@ static int device_parse(const char *const mtd_dev, const char **ret, struct mtd_
        /* check for next device presence */
        if (p) {
                if (*p == ';') {
-                       *ret = ++p;
+                       if (ret)
+                               *ret = ++p;
                } else if (*p == '\0') {
-                       *ret = p;
+                       if (ret)
+                               *ret = p;
                } else {
                        printf("unexpected character '%c' at the end of device\n", *p);
-                       *ret = NULL;
+                       if (ret)
+                               *ret = NULL;
                        return 1;
                }
        }
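Review bot: In the `';'` branch the increment of `p` now happens only when `ret` is non-NULL, because `++p` sits inside the guarded statement `*ret = ++p;`. Nothing visible in this hunk reads `p` afterwards, but device_parse continues past the hunk, so the parser position would depend on whether the caller passed an optional out-parameter. Separating the side effect keeps both paths identical: `p++;` followed by `if (ret) *ret = p;`.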