From: Michael Grzeschik
Date: Wed, 16 May 2018 18:43:28 +0200
Message-Id: <20180516164328.3254-1-m.grzeschik@pengutronix.de>
Subject: [PATCH] usb: gadget: fastboot: fix barebox update without using buffer
To: barebox@lists.infradead.org

Commit e5098495 "usb: gadget: fastboot: Add option to download to a buffer" breaks the use of temporary files for fastboot barebox_update. In the patch the ".imagefile = FASTBOOT_TMPFILE" allocation gets removed, but data.imagefile is still used. This leads to a NULL pointer dereference. We fix it by using sourcefile instead.

Signed-off-by: Michael Grzeschik
---
 drivers/usb/gadget/f_fastboot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index 787b1205ec..7ccf227714 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c 
@@ -999,7 +999,7 @@ static void cb_flash(struct f_fastboot *f_fb, const char *cmd) if (fastboot_download_to_buf(f_fb)) { data.len = f_fb->download_size; } else { - ret = read_file_2(data.imagefile, &data.len, &f_fb->buf, + ret = read_file_2(sourcefile, &data.len, &f_fb->buf, f_fb->download_size); if (ret) { fastboot_tx_print(f_fb, "FAILreading barebox"); -- 2.17.0 _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox
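Review bot: In the else branch of cb_flash(), the read_file_2() call now takes sourcefile, but data.imagefile itself is still never assigned, so the field stays NULL for anything that receives data after this point. The commit message says the ".imagefile = FASTBOOT_TMPFILE" initializer was dropped by e5098495 while the field remained in use; this hunk fixes the one dereference visible here, so it is worth either setting data.imagefile = sourcefile before the read on the non-buffer path or stating in the commit message that no other consumer reads the field once the image has been loaded into f_fb->buf. The hunk also does not show where sourcefile is assigned, so please confirm it is always non-NULL when fastboot_download_to_buf(f_fb) is false. A "Fixes:" trailer naming e5098495 would let the regression be tracked for backports, and including ret in the "FAILreading barebox" reply would make a failed read easier to diagnose from the host side.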