storage/sdhci: Fix NULL pointer access
authorFurquan Shaikh <furquan@google.com>
Wed, 15 Jun 2016 02:07:36 +0000 (19:07 -0700)
committerchrome-bot <chrome-bot@chromium.org>
Wed, 15 Jun 2016 22:29:40 +0000 (15:29 -0700)
NULL pointer access introduced by
https://chromium-review.googlesource.com/#/c/330283

Also, check return value of bounce_buffer_start.

BUG=chrome-os-partner:54228
BRANCH=None
TEST=Compiles successfully. Did not hang at VbExGetDiskInfo on reef.

Change-Id: I4bfe3dce6e431a9955d593341fdba7d6fe24a45a
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/352770
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Freddy Paul <freddy.paul@intel.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Freddy Paul <freddy.paul@intel.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
src/drivers/storage/sdhci.c

index fdb5672..63ca642 100644 (file)
@@ -423,13 +423,16 @@ static int sdhci_send_command(MmcCtrlr *mmc_ctrl, MmcCommand *cmd,
                 */
                if (!dma_coherent(buf)) {
                        bbstate = &bbstate_val;
-                       bounce_buffer_start(bbstate, buf, len, bbflags);
+                       if (bounce_buffer_start(bbstate, buf, len, bbflags)) {
+                               printf("ERROR: Failed to get bounce buffer.\n");
+                               return -1;
+                       }
                }
        }
 
        ret = sdhci_send_command_bounced(mmc_ctrl, cmd, data, bbstate);
 
-       if (data && bbstate->bounce_buffer)
+       if (bbstate)
                bounce_buffer_stop(bbstate);
 
        return ret;
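Review bot: The call to sdhci_send_command_bounced() still receives a NULL bbstate whenever the `if (!dma_coherent(buf))` branch is skipped, and nothing in this hunk shows that the callee tolerates it, which is the same class of bug the new `if (bbstate)` guard fixes just below. If the callee is meant to accept NULL, document that at the call site, for example `/* bbstate stays NULL when no bounce buffer was set up; the callee must check it before use. */`. The guard also depends on bbstate being initialised to NULL at its declaration, which lies above the hunk together with the start of sdhci_send_command(), so that initialiser is worth confirming. Separately, bounce_buffer_stop() runs even when ret reports a failed transfer; if it copies the bounce buffer back for reads, the caller's buffer may receive data the controller never wrote, so callers should trust ret rather than the buffer contents.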