From 2697eff1af136c6424c065cba994aa9aceadbcd1 Mon Sep 17 00:00:00 2001 From: Wolfgang Denk Date: Wed, 28 Apr 2010 10:53:47 +0200 Subject: [PATCH] mtdparts: fix write through NULL pointer The "mtdparts add" command wrote through a NULL pointer - on many systems this went unnoticed (PowerPC has writable RAM there, some ARM systems have ROM where a write has no effect), but on arm1136 (i.MX31) it crashed the system. Add appropriate checks. Signed-off-by: Wolfgang Denk --- common/cmd_mtdparts.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/common/cmd_mtdparts.c b/common/cmd_mtdparts.c index 0b5f747141..cec154c702 100644 --- a/common/cmd_mtdparts.c +++ b/common/cmd_mtdparts.c @@ -837,14 +837,16 @@ static int device_parse(const char *const mtd_dev, const char **ret, struct mtd_ u32 offset; int err = 1; - p = mtd_dev; + DEBUGF("===device_parse===\n"); + + assert(retdev); *retdev = NULL; - *ret = NULL; - DEBUGF("===device_parse===\n"); + if (ret) + *ret = NULL; /* fetch */ - mtd_id = p; + mtd_id = p = mtd_dev; if (!(p = strchr(mtd_id, ':'))) { printf("no identifier\n"); return 1; @@ -913,12 +915,15 @@ static int device_parse(const char *const mtd_dev, const char **ret, struct mtd_ /* check for next device presence */ if (p) { if (*p == ';') { - *ret = ++p; + if (ret) + *ret = ++p; } else if (*p == '\0') { - *ret = p; + if (ret) + *ret = p; } else { printf("unexpected character '%c' at the end of device\n", *p); - *ret = NULL; + if (ret) + *ret = NULL; return 1; } } -- 2.39.2