From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Tuo Li <islituo@gmail.com>, TOTE Robot <oslab@tsinghua.edu.cn>,
Hans Verkuil <hverkuil-cisco@xs4all.nl>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
Sasha Levin <sashal@kernel.org>,
a.hajda@samsung.com, mchehab@kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-media@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 25/74] media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
Date: Mon, 8 Nov 2021 12:48:52 -0500 [thread overview]
Message-ID: <20211108174942.1189927-25-sashal@kernel.org> (raw)
In-Reply-To: <20211108174942.1189927-1-sashal@kernel.org>
From: Tuo Li <islituo@gmail.com>
[ Upstream commit 8515965e5e33f4feb56134348c95953f3eadfb26 ]
The variable pdev is assigned to dev->plat_dev, and dev->plat_dev is
checked in:
if (!dev->plat_dev)
This indicates both dev->plat_dev and pdev can be NULL. If so, the
function dev_err() is called to print error information.
dev_err(&pdev->dev, "No platform data specified\n");
However, &pdev->dev is an illegal address, and it is dereferenced in
dev_err().
To fix this possible null-pointer dereference, replace dev_err() with
mfc_err().
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/s5p-mfc/s5p_mfc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc.c b/drivers/media/platform/s5p-mfc/s5p_mfc.c
index b776f83e395e0..f8a5ed6bb9d7a 100644
--- a/drivers/media/platform/s5p-mfc/s5p_mfc.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc.c
@@ -1279,7 +1279,7 @@ static int s5p_mfc_probe(struct platform_device *pdev)
spin_lock_init(&dev->condlock);
dev->plat_dev = pdev;
if (!dev->plat_dev) {
- dev_err(&pdev->dev, "No platform data specified\n");
+ mfc_err("No platform data specified\n");
return -ENODEV;
}
--
2.33.0
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Tuo Li <islituo@gmail.com>, TOTE Robot <oslab@tsinghua.edu.cn>,
Hans Verkuil <hverkuil-cisco@xs4all.nl>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
Sasha Levin <sashal@kernel.org>,
a.hajda@samsung.com, mchehab@kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-media@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 25/74] media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
Date: Mon, 8 Nov 2021 12:48:52 -0500 [thread overview]
Message-ID: <20211108174942.1189927-25-sashal@kernel.org> (raw)
In-Reply-To: <20211108174942.1189927-1-sashal@kernel.org>
From: Tuo Li <islituo@gmail.com>
[ Upstream commit 8515965e5e33f4feb56134348c95953f3eadfb26 ]
The variable pdev is assigned to dev->plat_dev, and dev->plat_dev is
checked in:
if (!dev->plat_dev)
This indicates both dev->plat_dev and pdev can be NULL. If so, the
function dev_err() is called to print error information.
dev_err(&pdev->dev, "No platform data specified\n");
However, &pdev->dev is an illegal address, and it is dereferenced in
dev_err().
To fix this possible null-pointer dereference, replace dev_err() with
mfc_err().
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/s5p-mfc/s5p_mfc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc.c b/drivers/media/platform/s5p-mfc/s5p_mfc.c
index b776f83e395e0..f8a5ed6bb9d7a 100644
--- a/drivers/media/platform/s5p-mfc/s5p_mfc.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc.c
@@ -1279,7 +1279,7 @@ static int s5p_mfc_probe(struct platform_device *pdev)
spin_lock_init(&dev->condlock);
dev->plat_dev = pdev;
if (!dev->plat_dev) {
- dev_err(&pdev->dev, "No platform data specified\n");
+ mfc_err("No platform data specified\n");
return -ENODEV;
}
--
2.33.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-11-09 1:16 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-08 17:48 [PATCH AUTOSEL 5.4 01/74] dma-buf: WARN on dmabuf release with pending attachments Sasha Levin
2021-11-08 17:48 ` Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 02/74] drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) Sasha Levin
2021-11-08 17:48 ` Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 03/74] drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 Sasha Levin
2021-11-08 17:48 ` Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 04/74] drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 Sasha Levin
2021-11-08 17:48 ` Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 05/74] Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 06/74] Bluetooth: fix use-after-free error in lock_sock_nested() Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 07/74] drm/panel-orientation-quirks: add Valve Steam Deck Sasha Levin
2021-11-08 17:48 ` Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 08/74] platform/x86: wmi: do not fail if disabling fails Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 09/74] MIPS: lantiq: dma: add small delay after reset Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 10/74] MIPS: lantiq: dma: reset correct number of channel Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 11/74] locking/lockdep: Avoid RCU-induced noinstr fail Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 12/74] net: sched: update default qdisc visibility after Tx queue cnt changes Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 13/74] smackfs: Fix use-after-free in netlbl_catmap_walk() Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 14/74] NET: IPV4: fix error "do not initialise globals to 0" Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 15/74] x86: Increase exception stack sizes Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 16/74] mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 17/74] mwifiex: Properly initialize private structure on interface type changes Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 18/74] ath10k: high latency fixes for beacon buffer Sasha Levin
2021-11-08 17:48 ` Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 19/74] media: mt9p031: Fix corrupted frame after restarting stream Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 20/74] media: netup_unidvb: handle interrupt properly according to the firmware Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 21/74] media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() Sasha Levin
2021-11-08 17:48 ` Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 22/74] media: uvcvideo: Set capability in s_param Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 23/74] media: uvcvideo: Return -EIO for control errors Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 24/74] media: uvcvideo: Set unique vdev name based in type Sasha Levin
2021-11-08 17:48 ` Sasha Levin [this message]
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 25/74] media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() Sasha Levin
2021-11-08 17:48 ` [PATCH AUTOSEL 5.4 26/74] media: s5p-mfc: Add checking to s5p_mfc_probe() Sasha Levin
2021-11-08 17:48 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211108174942.1189927-25-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=a.hajda@samsung.com \
--cc=hverkuil-cisco@xs4all.nl \
--cc=islituo@gmail.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab+huawei@kernel.org \
--cc=mchehab@kernel.org \
--cc=oslab@tsinghua.edu.cn \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.