Message-id: <884113296.400791432025608568.JavaMail.weblogic@ep2mlwas07b>
Date:	Tue, 19 May 2015 08:53:31 +0000 (GMT)
From:	Maninder Singh <maninder1.s@...sung.com>
To:	airlied@...ux.ie, treding@...dia.com, damien.lespiau@...el.com,
	airlied@...hat.com, alan@...ux.intel.com,
	dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Cc:	"v.narang@...sung.com" <v.narang@...sung.com>
Subject: [EDT][PATCh 1/1]mdfld_dsi_pkg_sender.c : Fix Possible NULL Pointer
 dereference


Hi,

There is a NULL pointer check for sender after dereferencing sender in __read_panel_data, as below:
struct drm_device *dev = sender->dev;
...
if (!sender || !data || !len)

And from the code flow:

mdfld_dsi_get_panel_status --> mdfld_dsi_read_mcs --> __read_panel_data
In mdfld_dsi_get_panel_status & mdfld_dsi_read_mcs there is already the same check.

-----------Cut------------
    if (!sender || !data || !len) {
        DRM_ERROR("Invalid parameters\n");
        return -EINVAL;
    }
    return __read_panel_data(sender, MIPI_DSI_DCS_READ, &cmd, 1,
                data, len, hs);
--------------------Cut-----------
So either we can remove this check from __read_panel_data,
or if we want to have defensive code then the below change should be included.

Subject: [PATCH 1/1] mdfld_dsi_pkg_sender.c : Initialize dev struct after NULL check of sender

Signed-off-by: Maninder Singh <maninder1.s@...sung.com>
Reviewed-By: Vaneet Narang <v.narang@...sung.com>
---
 drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
index 6b43ae3..6f2b2c9 100644
--- a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
+++ b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
@@ -520,7 +520,7 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender *sender, u8 data_type,
 			u8 *data, u16 len, u32 *data_out, u16 len_out, bool hs)
 {
 	unsigned long flags;
-	struct drm_device *dev = sender->dev;
+	struct drm_device *dev;
 	int i;
 	u32 gen_data_reg;
 	int retry = MDFLD_DSI_READ_MAX_COUNT;
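Review bot: with the initializer dropped from `struct drm_device *dev;`, dev holds an indeterminate value until the assignment added in the second hunk, so confirm that nothing in the elided lines between these declarations and the `return -EINVAL;` path reads dev (a logging call that takes the device would be the likely candidate). The function is static, so every caller is in this file; the changelog should say whether any of them can actually pass a NULL sender, given that the message above reports the same check already present in the callers it names.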
@@ -530,6 +530,8 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender *sender, u8 data_type,
 		return -EINVAL;
 	}
 
+	dev = sender->dev;
+
 	/**
 	 * do reading.
 	 * 0) send out generic read request
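Review bot: the reason for moving `dev = sender->dev;` below the parameter check is not recorded in the patch itself, which carries only a Subject line and tags before the `---`. The ordering here is right, but the explanation (sender was dereferenced before the `!sender` test) sits only in the surrounding e-mail text and should be in the commit message body. The subject would also read better with a subsystem-style prefix such as `drm/gma500:` rather than the file name.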
-- 
1.7.1

Thanks
Maninder
