| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1492939605-25977-1-git-send-email-bianpan201602@163.com>
Date: Sun, 23 Apr 2017 17:26:45 +0800
From: Pan Bian <bianpan201602@....com>
To: Erik Andren <erik.andren@...il.com>,
Hans Verkuil <hverkuil@...all.nl>,
Mauro Carvalho Chehab <mchehab@...nel.org>
Cc: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
Pan Bian <bianpan2016@....com>
Subject: [PATCH 1/1] m5602_s5k83a: check return value of kthread_create
From: Pan Bian <bianpan2016@....com>
Function kthread_create() returns an ERR_PTR on error. However, in
function s5k83a_start(), its return value is used without validation.
This may result in a bad memory access bug. This patch fixes the bug.
Signed-off-by: Pan Bian <bianpan2016@....com>
---
drivers/media/usb/gspca/m5602/m5602_s5k83a.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/media/usb/gspca/m5602/m5602_s5k83a.c b/drivers/media/usb/gspca/m5602/m5602_s5k83a.c
index be5e25d1..6ad8d48 100644
--- a/drivers/media/usb/gspca/m5602/m5602_s5k83a.c
+++ b/drivers/media/usb/gspca/m5602/m5602_s5k83a.c
@@ -345,6 +345,11 @@ int s5k83a_start(struct sd *sd)
to assume that there is no better way of accomplishing this */
sd->rotation_thread = kthread_create(rotation_thread_function,
sd, "rotation thread");
+ if (IS_ERR(sd->rotation_thread)) {
+ err = PTR_ERR(sd->rotation_thread);
+ sd->rotation_thread = NULL;
+ return err;
+ }
wake_up_process(sd->rotation_thread);
/* Preinit the sensor */
--
1.9.1
Powered by blists - more mailing lists