From: Oliver Neukum <oneukum@suse.com>
To: syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
Cc: linux-media@vger.kernel.org, linux-usb@vger.kernel.org
Subject: KASAN reporting: general protection fault in flexcop_usb_probe
Date: Tue, 30 Jul 2019 09:48:27 +0200 [thread overview]
Message-ID: <1564472907.25582.16.camel@suse.com> (raw)
Reacting to this:
Title: general protection fault in flexcop_usb_probe
Last occurred: 0 days ago
Reported: 102 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=c0203bd72037d0
7493f4b7562411e4f5f4553a8f
Original thread: https://lkml.kernel.org/lkml/00000000000010fe260586
536e86@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
This looks like a bug in a media USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
#syz test: https://github.com/google/kasan.git 9a33b369
From 5a34ecc6c75479a9f245a867e1ce37e6e28f58f8 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@suse.com>
Date: Mon, 29 Jul 2019 16:21:11 +0200
Subject: [PATCH] b2c2-flexcop-usb: add sanity checking
The driver needs an isochronous endpoint to be present. It will
oops in its absence. Add checking for it.
Reported-by: syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
---
drivers/media/usb/b2c2/flexcop-usb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c
index 1826ff825c2e..1a801dc286f8 100644
--- a/drivers/media/usb/b2c2/flexcop-usb.c
+++ b/drivers/media/usb/b2c2/flexcop-usb.c
@@ -538,6 +538,9 @@ static int flexcop_usb_probe(struct usb_interface *intf,
struct flexcop_device *fc = NULL;
int ret;
+ if (intf->cur_altsetting->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
if ((fc = flexcop_device_kmalloc(sizeof(struct flexcop_usb))) == NULL) {
err("out of memory\n");
return -ENOMEM;
next reply other threads:[~2019-07-30 7:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-30 7:48 Oliver Neukum [this message]
2019-07-30 8:30 ` general protection fault in flexcop_usb_probe syzbot
2019-09-20 16:01 ` Andrey Konovalov
2019-09-23 9:06 ` Oliver Neukum
2019-09-23 12:46 ` Andrey Konovalov
2019-09-23 12:51 ` Hans Verkuil
2019-11-07 15:02 ` Oliver Neukum
2019-11-07 15:47 ` Hans Verkuil
2019-11-08 9:07 ` Sean Young
-- strict thread matches above, loose matches on Subject: below --
2019-07-29 14:26 KASAN reporting: " Oliver Neukum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1564472907.25582.16.camel@suse.com \
--to=oneukum@suse.com \
--cc=linux-media@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.