mtd: rawnand: s3c2410: Error out when ->nrsets < 0 or ->sets == NULL

All of the code in the probe path assumes ->sets != NULL and
->nrsets > 0. Error out if that's not the case to avoid dereferencing a
NULL pointer.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>

diff --git a/drivers/mtd/nand/raw/s3c2410.c b/drivers/mtd/nand/raw/s3c2410.c
index 10d81f367d26f65d0df6e5ab1765eb6ded603a0c..5a4a68790653163fd411502579756f2736fbcf78 100644 (file)
--- a/drivers/mtd/nand/raw/s3c2410.c
+++ b/drivers/mtd/nand/raw/s3c2410.c
@@ -1134,8 +1134,13 @@ static int s3c24xx_nand_probe(struct platform_device *pdev)
 
        dev_dbg(&pdev->dev, "mapped registers at %p\n", info->regs);
 
-       sets = (plat != NULL) ? plat->sets : NULL;
-       nr_sets = (plat != NULL) ? plat->nr_sets : 1;
+       if (!plat->sets || plat->nr_sets < 1) {
+               err = -EINVAL;
+               goto exit_error;
+       }
+
+       sets = plat->sets;
+       nr_sets = plat->nr_sets;
 
        info->mtd_count = nr_sets;
 
@@ -1152,7 +1157,7 @@ static int s3c24xx_nand_probe(struct platform_device *pdev)
 
        nmtd = info->mtds;
 
-       for (setno = 0; setno < nr_sets; setno++, nmtd++) {
+       for (setno = 0; setno < nr_sets; setno++, nmtd++, sets++) {
                struct mtd_info *mtd = nand_to_mtd(&nmtd->chip);
 
                pr_debug("initialising set %d (%p, info %p)\n",
@@ -1174,9 +1179,6 @@ static int s3c24xx_nand_probe(struct platform_device *pdev)
                        goto exit_error;
 
                s3c2410_nand_add_partition(info, nmtd, sets);
-
-               if (sets != NULL)
-                       sets++;
        }
 
        /* initialise the hardware */