lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 4 Jan 2014 22:14:13 -0800 From: Dmitry Torokhov <dmitry.torokhov@...il.com> To: Ethan Zhao <ethan.kernel@...il.com> Cc: hans.verkuil@...co.com, m.chehab@...sung.com, gregkh@...uxfoundation.org, mchehab@...hat.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH] [media] saa7146: fix a possible NULL pointer reference in saa7146_set_position On Sun, Jan 05, 2014 at 10:08:00AM +0800, Ethan Zhao wrote: > Function saa7146_format_by_fourcc() may return NULL, reference of the returned > result would cause NULL pointer issue without checking. > > Signed-off-by: Ethan Zhao <ethan.kernel@...il.com> > --- > drivers/media/common/saa7146/saa7146_hlp.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/drivers/media/common/saa7146/saa7146_hlp.c b/drivers/media/common/saa7146/saa7146_hlp.c > index be746d1..3e23eab 100644 > --- a/drivers/media/common/saa7146/saa7146_hlp.c > +++ b/drivers/media/common/saa7146/saa7146_hlp.c > @@ -575,6 +575,7 @@ static void saa7146_set_position(struct saa7146_dev *dev, int w_x, int w_y, int > */ > u32 base = (u32)(unsigned long)vv->ov_fb.base; > > + int which = 1; > struct saa7146_video_dma vdma1; > > /* calculate memory offsets for picture, look if we shall top-down-flip */ > @@ -608,10 +609,14 @@ static void saa7146_set_position(struct saa7146_dev *dev, int w_x, int w_y, int > vdma1.pitch *= -1; > } > > - vdma1.base_page = sfmt->swap; > + if (sfmt) > + vdma1.base_page = sfmt->swap; > + else > + which = 0; > + > vdma1.num_line_byte = (vv->standard->v_field<<16)+vv->standard->h_pixels; > > - saa7146_write_out_dma(dev, 1, &vdma1); > + saa7146_write_out_dma(dev, which, &vdma1); If saa7146_format_by_fourcc() returns NULL you'll crash much earlier when trying to do int depth = sfmt->depth; I am not familiar with the code by it seems you are papering over the problem. Will we ever get here with unknown pixel format? Thanks. -- Dmitry -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists