From aff1eb4e3dd13ee419c6cd76baf1bcc2edeaaa86 Mon Sep 17 00:00:00 2001
From: Lars-Peter Clausen <lars@metafoo.de>
Date: Fri, 15 Jun 2012 18:08:59 +0200
Subject: iio: buffer: Fix NULL pointer deref caused by empty scan mask

iio_scan_mask_match() returns NULL if the passed in scan mask is empty. This
will happen if no channel has been selected and buffer is enabled.
iio_sw_buffer_preenable() will assign NULL to indio_dev->active_scan_mask in
this case. As a result iio_update_demux() will cause a NULL pointer deref,
because it expects active_scan_mask to be non-NULL.

Since it does not make much sense to start data capture if there is no data to
capture this patch updates the code to fail gracefully in iio_scan_mask_match()
instead of crashing the kernel.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Acked-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iio/industrialio-buffer.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'drivers/iio')

diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c
index ac185b8694bd..2f35db93cdb6 100644
--- a/drivers/iio/industrialio-buffer.c
+++ b/drivers/iio/industrialio-buffer.c
@@ -553,6 +553,10 @@ int iio_sw_buffer_preenable(struct iio_dev *indio_dev)
 					    buffer->scan_mask);
 	else
 		indio_dev->active_scan_mask = buffer->scan_mask;
+
+	if (indio_dev->active_scan_mask == NULL)
+		return -EINVAL;
+
 	iio_update_demux(indio_dev);
 
 	if (indio_dev->info->update_scan_mode)
-- 
cgit v1.2.3-59-g8ed1b