| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABvMjLTrGprdgFTP-+2XC_p+vE+tVWeYvyuLGkKj1dY7KR+JDg@mail.gmail.com>
Date: Thu, 10 Oct 2019 22:31:28 -0700
From: Yizhuo Zhai <yzhai003@....edu>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: Mark Brown <broonie@...nel.org>, linux-spi@...r.kernel.org,
linux-kernel@...r.kernel.org, Zhiyun Qian <zhiyunq@...ucr.edu>,
Chengyu Song <csong@...ucr.edu>
Subject: Re: Potential NULL pointer deference in spi
Hi Eric:
My apologies for bothering, we got those report via static analysis
and haven't got a good method to verify the path to trigger them.
Therefore I sent those email to you maintainers first since you
know much better about the details. Sorry again for your time and
I take your suggestions.
On Wed, Oct 9, 2019 at 10:48 PM Eric Dumazet <eric.dumazet@...il.com> wrote:
>
>
>
> On 10/9/19 10:37 PM, Yizhuo Zhai wrote:
> > Hi All:
> >
> > drivers/spi/spi.c:
> >
> > The function to_spi_device() could return NULL, but some callers
> > in this file does not check the return value while directly dereference
> > it, which seems potentially unsafe.
> >
> > Such callers include spidev_release(), spi_dev_check(),
> > driver_override_store(), etc.
> >
> >
>
>
> Many of your reports are completely bogus.
>
> I suggest you spend more time before sending such emails to very large audience
> and risk being ignored at some point.
>
> Thanks.
--
Kind Regards,
Yizhuo Zhai
Computer Science, Graduate Student
University of California, Riverside
Powered by blists - more mailing lists