driver: nand: qpic_nand: Fix NULL pointer dereference.

This change will fix NULL pointer dereference while reading from spi nand flash in oobbuf. The multipage read features is only to read with ecc for raw read/write the the access is page wise due to mtd layer will request only one page at a time. So don't increment oobbuf for every page while reading if already bitflips are present in spi nand flash. if so data abort will happen due to NULL pointer dereference. error: NAND read: device 0 offset 0x4480000, size 0x1000 data abort pc : [<4a9515ec>] lr : [<44000e18>] reloc pc : [<4a9515ec>] lr : [<44000e18>] sp : 4a77f6f4 ip : bbfff3dc fp : 4a783510 r10: 4a97bb40 r9 : 4a77feb0 r8 : 44000e0c r7 : 4a97ca2c r6 : 0000000f r5 : 00000004 r4 : 00000003 r3 : ffffffff r2 : 000001f4 r1 : 000000ff r0 : 44000e0c Flags: nzCv IRQs off FIQs off Mode SVC_32 Resetting CPU ... resetting ... Signed-off-by: Md Sadre Alam <mdalam@codeaurora.org> Change-Id: I435f65183b56ceef64bad7d0df7ffebe02175a66
2026-03-01 17:36:03 +01:00 · 2020-06-04 00:11:56 +05:30 · 2020-06-04 00:11:56 +05:30 · ae38a196ca
commit ae38a196ca
parent 55e06ab786
1 changed files with 2 additions and 3 deletions
--- a/drivers/mtd/nand/qpic_nand.c
+++ b/drivers/mtd/nand/qpic_nand.c
@ -3081,8 +3081,8 @@ static int qpic_nand_multi_page_read(struct mtd_info *mtd, uint32_t page,
 		}

 		if (uncorrectable_err_cws) {
-			nand_ret = qpic_nand_check_erased_page(mtd, page, (ops_datbuf + (j * mtd->writesize)),
-						       ops_oobbuf + j * 64,
+			nand_ret = qpic_nand_check_erased_page(mtd, page + j, (ops_datbuf + (j * mtd->writesize)),
+						       ops_oobbuf,
 						       uncorrectable_err_cws,
 						       &max_bitflips);
 			if (nand_ret < 0)
@ -3449,7 +3449,6 @@ static int qpic_nand_read_page_scope_multi_page(struct mtd_info *mtd,

 	start_page = ((to >> chip->page_shift));
 	num_pages = qpic_get_read_page_count(mtd, ops, to);
-
 	while (1) {

 		if (num_pages > MAX_MULTI_PAGE) {