From 67dab0377ce1c02f6c76915daa9765f755b73daf Mon Sep 17 00:00:00 2001
From: Vipin Deep Kaur
Date: Mon, 5 Aug 2019 12:15:36 +0530
Subject: i2c-msm-v2: Add NULL pointer check on i2c messages Add check in i2c driver to ensure the client passes valid messages for i2c transfer.
Change-Id: I75ceee649d387e4324155c01d0c1e8a40342dff5
Signed-off-by: Vipin Deep Kaur
---
 drivers/i2c/busses/i2c-msm-v2.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/drivers/i2c/busses/i2c-msm-v2.c b/drivers/i2c/busses/i2c-msm-v2.c
index 198e55829226..870f69879237 100644
--- a/drivers/i2c/busses/i2c-msm-v2.c
+++ b/drivers/i2c/busses/i2c-msm-v2.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2018, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2014-2019, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@@ -2155,8 +2155,12 @@ static bool i2c_msm_xfer_next_buf(struct i2c_msm_ctrl *ctrl)
 {
 struct i2c_msm_xfer_buf *cur_buf = &ctrl->xfer.cur_buf;
 struct i2c_msg *cur_msg = ctrl->xfer.msgs + cur_buf->msg_idx;
- int bc_rem = cur_msg->len - cur_buf->end_idx;
+ int bc_rem = 0;
+ if (!cur_msg)
+ return false;
+
+ bc_rem = cur_msg->len - cur_buf->end_idx;
 if (cur_buf->is_init && cur_buf->end_idx && bc_rem) {
 /* not the first buffer in a message */
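Review bot: The added `if (!cur_msg)` test runs on a pointer already computed as `ctrl->xfer.msgs + cur_buf->msg_idx`, so it is true only when `msgs` is NULL and `msg_idx` is 0; with a NULL `msgs` and a non-zero index the result is a small non-NULL address and `cur_msg->len` is still dereferenced. Arithmetic on a null pointer is also undefined in C. Test the base pointer before forming `cur_msg`, e.g. `if (!ctrl->xfer.msgs) return false;`, and consider bounding `cur_buf->msg_idx` against the number of messages in the transfer. The function body continues past the hunk, so it is not visible here whether callers can tell this `false` from a normal end of transfer; if they cannot, the condition is silently swallowed and deserves a log line.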
@@ -2330,17 +2334,12 @@ i2c_msm_frmwrk_xfer(struct i2c_adapter *adap, struct i2c_msg msgs[], int num)
 struct i2c_msm_ctrl *ctrl = i2c_get_adapdata(adap);
 struct i2c_msm_xfer *xfer = &ctrl->xfer;
- if (num < 1) {
+ if (IS_ERR_OR_NULL(msgs) || num < 1) {
 dev_err(ctrl->dev,
- "error on number of msgs(%d) received\n", num);
+ "Error on msgs Accessing invalid message pointer or message buffer\n");
 return -EINVAL;
 }
- if (IS_ERR_OR_NULL(msgs)) {
- dev_err(ctrl->dev, " error on msgs Accessing invalid pointer location\n");
- return PTR_ERR(msgs);
- }
-
 /* if system is suspended just bail out */
 if (ctrl->pwr_state == I2C_MSM_PM_SYS_SUSPENDED) {
 dev_err(ctrl->dev,
--
cgit v1.2.3
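Review bot: The combined guard validates only the array pointer and the count, so a `msgs[i]` whose `buf` is NULL while `len` is non-zero still passes; if the transfer path outside this hunk dereferences `buf`, the client-supplied messages the commit description targets remain unchecked. A short loop over `num` with `if (msgs[i].len && !msgs[i].buf) return -EINVAL;` would close that gap. The merged `dev_err` also no longer prints `num` and cannot tell the two failure causes apart; `"invalid msgs pointer or msg count (%d)\n", num` keeps the value. Because a misbehaving client can hit this path repeatedly, `dev_err_ratelimited` may be preferable so the kernel log is not flooded.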