lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <44a94a03.53863.175402680b1.Coremail.bodefang@iie.ac.cn>
Date:   Mon, 19 Oct 2020 17:17:46 +0800 (GMT+08:00)
From:   薄德芳 <bodefang@....ac.cn>
To:     linux-kernel@...r.kernel.org
Subject: [PATCH] drm/amd/display: fix a possible NULL pointer dereference in
 bios_parser_get_src_obj()

[Why] the func  bios_parser_get_src_obj () is similar to  bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
[How] Initialized variable explicitly with NULL and add sanitizer.

Signed-off-by: estherbdf &lt;603571786@...com&gt;
---
 drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
index 008d4d1..94c6cca 100644
--- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
@@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
 	struct graphics_object_id *src_object_id)
 {
 	uint32_t number;
-	uint16_t *id;
+	uint16_t *id = NULL;
 	ATOM_OBJECT *object;
 	struct bios_parser *bp = BP_FROM_DCB(dcb);
 
@@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
 
 	number = get_src_obj_list(bp, object, &amp;id);
 
-	if (number &lt;= index)
+	if (number &lt;= index || !id)
 		return BP_RESULT_BADINPUT;
 
 	*src_object_id = object_id_from_bios_object_id(id[index]);
-- 
1.9.1

</a8f976473196>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ