From 2fc0413f87ad1d5926d40b21b4310de95a5860a0 Mon Sep 17 00:00:00 2001
From: peterj <peterj@FreeBSD.org>
Date: Fri, 25 Oct 2019 19:38:02 +0000
Subject: [PATCH] Fix use of uninitialised variable.

The RK805 regs array was being allocated before it's required size was
known, causing the driver to use memory it didn't own.  That memory
was subsequently allocated and used elsewhere causing later fatal data
aborts in rk805_map().

Whilst I'm here, add a sanity check to catch unsupported PMICs (this
shouldn't ever get hit because the probe should have failed).

Reviewed by:	manu
MFC after:	1 week
Sponsored by:	Google
---
 sys/arm64/rockchip/rk805.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sys/arm64/rockchip/rk805.c b/sys/arm64/rockchip/rk805.c
index a68a1dd66880..11a69a6976fe 100644
--- a/sys/arm64/rockchip/rk805.c
+++ b/sys/arm64/rockchip/rk805.c
@@ -467,9 +467,6 @@ rk805_attach(device_t dev)
 	if (config_intrhook_establish(&sc->intr_hook) != 0)
 		return (ENOMEM);
 
-	sc->regs = malloc(sizeof(struct rk805_reg_sc *) * sc->nregs,
-	    M_RK805_REG, M_WAITOK | M_ZERO);
-
 	sc->type = ofw_bus_search_compatible(dev, compat_data)->ocd_data;
 	switch (sc->type) {
 	case RK805:
@@ -480,8 +477,14 @@ rk805_attach(device_t dev)
 		regdefs = rk808_regdefs;
 		sc->nregs = nitems(rk808_regdefs);
 		break;
+	default:
+		device_printf(dev, "Unknown type %d\n", sc->type);
+		return (ENXIO);
 	}
 
+	sc->regs = malloc(sizeof(struct rk805_reg_sc *) * sc->nregs,
+	    M_RK805_REG, M_WAITOK | M_ZERO);
+
 	rnode = ofw_bus_find_child(ofw_bus_get_node(dev), "regulators");
 	if (rnode > 0) {
 		for (i = 0; i < sc->nregs; i++) {