If a flash is unable to be detected, and then someone calls flash_protect on it (like the common code does in flash_init), the flash_protect logic will dereference a NULL pointer.

Since flash_protect already does sanity checking on the info structs, add a NULL pointer check in there.

Signed-off-by: Mike Frysinger vapier@gentoo.org --- common/flash.c | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/common/flash.c b/common/flash.c index eb4b2f5..683978e 100644 --- a/common/flash.c +++ b/common/flash.c @@ -43,15 +43,18 @@ extern flash_info_t flash_info[]; /* info for FLASH chips */ void flash_protect (int flag, ulong from, ulong to, flash_info_t *info) { - ulong b_end = info->start[0] + info->size - 1; /* bank end address */ - short s_end = info->sector_count - 1; /* index of last sector */ + ulong b_end; + short s_end; int i;

/* Do nothing if input data is bad. */ - if (info->sector_count == 0 || info->size == 0 || to < from) { + if (!info || info->sector_count == 0 || info->size == 0 || to < from) { return; }

+ s_end = info->sector_count - 1; /* index of last sector */ + b_end = info->start[0] + info->size - 1; /* bank end address */ + debug ("flash_protect %s: from 0x%08lX to 0x%08lX\n", (flag & FLAG_PROTECT_SET) ? "ON" : (flag & FLAG_PROTECT_CLEAR) ? "OFF" : "???",