| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Apr 2018 13:03:15 +0300
From: Laurent Pinchart <laurent.pinchart@...asonboard.com>
To: Sakari Ailus <sakari.ailus@....fi>
Cc: Colin King <colin.king@...onical.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
linux-media@...r.kernel.org, kernel-janitors@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] media: ispstat: don't dereference user_cfg before a null check
Hi Sakari,
On Thursday, 26 April 2018 11:37:31 EEST Sakari Ailus wrote:
> On Tue, Apr 24, 2018 at 02:06:18PM +0100, Colin King wrote:
> > From: Colin Ian King <colin.king@...onical.com>
> >
> > The pointer user_cfg (a copy of new_conf) is dereference before
> > new_conf is null checked, hence we may have a null pointer dereference
> > on user_cfg when assigning buf_size from user_cfg->buf_size. Ensure
> > this does not occur by moving the assignment of buf_size after the
> > null check.
> >
> > Detected by CoverityScan, CID#1468386 ("Dereference before null check")
> >
> > Fixes: 68e342b3068c ("[media] omap3isp: Statistics")
> > Signed-off-by: Colin Ian King <colin.king@...onical.com>
>
> Thanks for the patch.
>
> Gustavo sent effectively the same patch a moment earlier, and that patch
> got applied instead.
Isn't there a guarantee that new_buf won't be NULL ? The new_buf pointer comes
from the parg variable in video_usercopy(), which should always point to a
valid buffer given that the ioctl number specifies a non-zero size.
--
Regards,
Laurent Pinchart
Powered by blists - more mailing lists