* Fwd: Possible null pointer dereference in con_init()
From: Dongyang Zhan @ 2020-05-03  7:20 UTC
To: linux-serial

Hi,

I am a security researcher, my name is Dongyang Zhan. I found a potential bug.

I hope you can help me to confirm it.

Thank you.

In Linux 4.10.17, function con_init() in /drivers/tty/vt/vt.c forgets
to handle the failure of the memory allocation operation (e.g.,
vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data),
GFP_NOWAIT)).

Source code and comments;
    vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data), GFP_NOWAIT);
    INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
    tty_port_init(&vc->port);
    visual_init(vc, currcons, 1);
    vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_NOWAIT);
    vc_init(vc, vc->vc_rows, vc->vc_cols,
            currcons || !vc->vc_sw->con_save_screen);

If the allocation fails, dereferencing vc will cause a null pointer dereference.

* Re: Fwd: Possible null pointer dereference in con_init()
From: Greg KH @ 2020-05-03  7:44 UTC
To: Dongyang Zhan; +Cc: linux-serial

On Sun, May 03, 2020 at 03:20:50PM +0800, Dongyang Zhan wrote:
> Hi,
>
> I am a security researcher, my name is Dongyang Zhan. I found a potential bug.
>
> I hope you can help me to confirm it.
>
> Thank you.
>
> In Linux 4.10.17, function con_init() in /drivers/tty/vt/vt.c forgets
> to handle the failure of the memory allocation operation (e.g.,
> vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data),
> GFP_NOWAIT)).
>
> Source code and comments;
>     vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data), GFP_NOWAIT);
>     INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
>     tty_port_init(&vc->port);
>     visual_init(vc, currcons, 1);
>     vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_NOWAIT);
>     vc_init(vc, vc->vc_rows, vc->vc_cols,
>             currcons || !vc->vc_sw->con_save_screen);
>
> If the allocation fails, dereferencing vc will cause a null pointer dereference.

But that allocation can not fail, so all is fine.

thanks,

greg k-h
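
The pattern under discussion in this thread is a kzalloc() result being used without a NULL check. As an added illustration (not code from the thread or from the kernel), here is a userspace model of the quoted sequence in which a fault-injecting allocator makes either allocation fail and each result is checked before use. The names struct vc_model, model_zalloc, con_init_model and run_trial are hypothetical, and the 80x25 geometry is a constructed value.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical, reduced stand-in for the kernel's struct vc_data. */
struct vc_model {
    size_t screenbuf_size;
    unsigned short *screenbuf;
};

/* Fault injection: the Nth allocation (1-based) returns NULL; 0 = never. */
static int fail_on_call, call_count;

static void *model_zalloc(size_t size)
{
    return (++call_count == fail_on_call) ? NULL : calloc(1, size);
}

/* Same order of operations as the quoted snippet, each result checked. */
static struct vc_model *con_init_model(void)
{
    struct vc_model *vc = model_zalloc(sizeof(*vc));

    if (!vc)
        return NULL;    /* the unchecked code would dereference vc next */
    /* constructed 80x25 geometry, standing in for visual_init() */
    vc->screenbuf_size = 80 * 25 * sizeof(*vc->screenbuf);
    vc->screenbuf = model_zalloc(vc->screenbuf_size);
    if (!vc->screenbuf) {
        free(vc);       /* undo the first allocation before bailing out */
        return NULL;
    }
    return vc;
}

/* One trial: fail_at selects which allocation fails (0 = none). */
int run_trial(int fail_at)
{
    struct vc_model *vc;

    fail_on_call = fail_at;
    call_count = 0;
    vc = con_init_model();
    if (!vc)
        return -ENOMEM;
    free(vc->screenbuf);
    free(vc);
    return 0;
}
```

Calling run_trial() with 1 or 2 exercises the two failure points in the sequence; 0 is the normal path.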