* [PATCH] [media] mxl111sf: Fix potential null pointer dereference
@ 2017-08-13 10:06 Eugeniu Rosca
2017-08-13 12:31 ` Michael Ira Krufky
0 siblings, 1 reply; 2+ messages in thread
From: Eugeniu Rosca @ 2017-08-13 10:06 UTC (permalink / raw)
To: Michael Krufky, Mauro Carvalho Chehab, linux-media,
Devin Heitmueller, Hans Verkuil
Cc: Eugeniu Rosca
From: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewing the delta between cppcheck output of v4.9.39 and v4.9.40
stable updates, I stumbled on the new warning:
mxl111sf.c:80: (warning) Possible null pointer dereference: rbuf
Since copying state->rcvbuf into rbuf is not needed in the 'write-only'
scenario (i.e. calling mxl111sf_ctrl_msg() from mxl111sf_i2c_send_data()
or from mxl111sf_write_reg()), bypass memcpy() in this case.
Fixes: d90b336f3f65 ("[media] mxl111sf: Fix driver to use heap allocate buffers for USB messages")
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
---
drivers/media/usb/dvb-usb-v2/mxl111sf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/dvb-usb-v2/mxl111sf.c b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
index b0d5904a4ea6..67953360fda5 100644
--- a/drivers/media/usb/dvb-usb-v2/mxl111sf.c
+++ b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
@@ -77,7 +77,9 @@ int mxl111sf_ctrl_msg(struct mxl111sf_state *state,
dvb_usbv2_generic_rw(d, state->sndbuf, 1+wlen, state->rcvbuf,
rlen);
- memcpy(rbuf, state->rcvbuf, rlen);
+ if (rbuf)
+ memcpy(rbuf, state->rcvbuf, rlen);
+
mutex_unlock(&state->msg_lock);
mxl_fail(ret);
--
2.14.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] [media] mxl111sf: Fix potential null pointer dereference
2017-08-13 10:06 [PATCH] [media] mxl111sf: Fix potential null pointer dereference Eugeniu Rosca
@ 2017-08-13 12:31 ` Michael Ira Krufky
0 siblings, 0 replies; 2+ messages in thread
From: Michael Ira Krufky @ 2017-08-13 12:31 UTC (permalink / raw)
To: Eugeniu Rosca
Cc: Mauro Carvalho Chehab, linux-media, Devin Heitmueller,
Hans Verkuil, Eugeniu Rosca
On Sun, Aug 13, 2017 at 6:06 AM, Eugeniu Rosca <roscaeugeniu@gmail.com> wrote:
> From: Eugeniu Rosca <erosca@de.adit-jv.com>
>
> Reviewing the delta between cppcheck output of v4.9.39 and v4.9.40
> stable updates, I stumbled on the new warning:
>
> mxl111sf.c:80: (warning) Possible null pointer dereference: rbuf
>
> Since copying state->rcvbuf into rbuf is not needed in the 'write-only'
> scenario (i.e. calling mxl111sf_ctrl_msg() from mxl111sf_i2c_send_data()
> or from mxl111sf_write_reg()), bypass memcpy() in this case.
>
> Fixes: d90b336f3f65 ("[media] mxl111sf: Fix driver to use heap allocate buffers for USB messages")
> Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
> ---
> drivers/media/usb/dvb-usb-v2/mxl111sf.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Reviewed-by: Michael Ira Krufky <mkrufky@linuxtv.org>
Thank you for this, Eugeniu
> diff --git a/drivers/media/usb/dvb-usb-v2/mxl111sf.c b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
> index b0d5904a4ea6..67953360fda5 100644
> --- a/drivers/media/usb/dvb-usb-v2/mxl111sf.c
> +++ b/drivers/media/usb/dvb-usb-v2/mxl111sf.c
> @@ -77,7 +77,9 @@ int mxl111sf_ctrl_msg(struct mxl111sf_state *state,
> dvb_usbv2_generic_rw(d, state->sndbuf, 1+wlen, state->rcvbuf,
> rlen);
>
> - memcpy(rbuf, state->rcvbuf, rlen);
> + if (rbuf)
> + memcpy(rbuf, state->rcvbuf, rlen);
> +
> mutex_unlock(&state->msg_lock);
>
> mxl_fail(ret);
> --
> 2.14.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-08-13 12:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-13 10:06 [PATCH] [media] mxl111sf: Fix potential null pointer dereference Eugeniu Rosca
2017-08-13 12:31 ` Michael Ira Krufky
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.