[PATCH] fbdev: atmel_lcdfb: Fix potential NULL dereference

Salah Triki posted 1 patch 2 months, 2 weeks ago
[PATCH] fbdev: atmel_lcdfb: Fix potential NULL dereference
Posted by Salah Triki 2 months, 2 weeks ago
of_match_device() returns NULL in case of failure, so check its return
value before casting and accessing the data field in order to prevent NULL
dereference.

Signed-off-by: Salah Triki <salah.triki@gmail.com>
---
 drivers/video/fbdev/atmel_lcdfb.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/video/fbdev/atmel_lcdfb.c b/drivers/video/fbdev/atmel_lcdfb.c
index 9dfbc5310210..b1017ac9c73b 100644
--- a/drivers/video/fbdev/atmel_lcdfb.c
+++ b/drivers/video/fbdev/atmel_lcdfb.c
@@ -922,6 +922,7 @@ static int atmel_lcdfb_of_init(struct atmel_lcdfb_info *sinfo)
 	struct device *dev = &sinfo->pdev->dev;
 	struct device_node *np =dev->of_node;
 	struct device_node *display_np;
+	const struct of_device_id *match;
 	struct atmel_lcdfb_power_ctrl_gpio *og;
 	bool is_gpio_power = false;
 	struct fb_videomode fb_vm;
@@ -930,8 +931,11 @@ static int atmel_lcdfb_of_init(struct atmel_lcdfb_info *sinfo)
 	int ret;
 	int i;
 
-	sinfo->config = (struct atmel_lcdfb_config*)
-		of_match_device(atmel_lcdfb_dt_ids, dev)->data;
+	match = of_match_device(atmel_lcdfb_dt_ids, dev);
+	if (!match)
+		return -ENODEV;
+
+	sinfo->config = (struct atmel_lcdfb_config *)match->data;
 
 	display_np = of_parse_phandle(np, "display", 0);
 	if (!display_np) {
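Review bot: the new `if (!match)` test covers only the lookup result; `match->data` is still cast and stored in sinfo->config without a check, so a table entry in atmel_lcdfb_dt_ids that carried no .data would leave sinfo->config NULL. Consider of_device_get_match_data(dev), which returns the data pointer or NULL when nothing matches, and test that one result before assigning it; that also makes the extra `match` local from the first hunk unnecessary.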
-- 
2.43.0
Re: [PATCH] fbdev: atmel_lcdfb: Fix potential NULL dereference
Posted by Alexandre Belloni 2 months, 1 week ago
On 24/07/2025 03:56:45+0100, Salah Triki wrote:
> of_match_device() returns NULL in case of failure, so check its return
> value before casting and accessing the data field in order to prevent NULL
> dereference.
> 
> Signed-off-by: Salah Triki <salah.triki@gmail.com>
> ---
>  drivers/video/fbdev/atmel_lcdfb.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/video/fbdev/atmel_lcdfb.c b/drivers/video/fbdev/atmel_lcdfb.c
> index 9dfbc5310210..b1017ac9c73b 100644
> --- a/drivers/video/fbdev/atmel_lcdfb.c
> +++ b/drivers/video/fbdev/atmel_lcdfb.c
> @@ -922,6 +922,7 @@ static int atmel_lcdfb_of_init(struct atmel_lcdfb_info *sinfo)
>  	struct device *dev = &sinfo->pdev->dev;
>  	struct device_node *np =dev->of_node;
>  	struct device_node *display_np;
> +	const struct of_device_id *match;
>  	struct atmel_lcdfb_power_ctrl_gpio *og;
>  	bool is_gpio_power = false;
>  	struct fb_videomode fb_vm;
> @@ -930,8 +931,11 @@ static int atmel_lcdfb_of_init(struct atmel_lcdfb_info *sinfo)
>  	int ret;
>  	int i;
>  
> -	sinfo->config = (struct atmel_lcdfb_config*)
> -		of_match_device(atmel_lcdfb_dt_ids, dev)->data;
> +	match = of_match_device(atmel_lcdfb_dt_ids, dev);
> +	if (!match)
> +		return -ENODEV;

This is dead code, it will never happen because atmel_lcdfb_of_init is only
called from atmel_lcdfb_probe which will only be called when there is a match.

> +
> +	sinfo->config = (struct atmel_lcdfb_config *)match->data;
>  
>  	display_np = of_parse_phandle(np, "display", 0);
>  	if (!display_np) {
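Review bot: the `if (!match) return -ENODEV;` branch fails silently, and nothing in the hunk says which caller could reach atmel_lcdfb_of_init() without a matching entry. If the check is kept, a dev_err() before the return or a one-line comment naming that path would make the -ENODEV diagnosable; if no such path exists, the changelog should describe the change as hardening and say so.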
> -- 
> 2.43.0
> 

-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com