| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210811161515.17842-1-lutovinova@ispras.ru>
Date: Wed, 11 Aug 2021 19:15:14 +0300
From: Nadezda Lutovinova <lutovinova@...ras.ru>
To: Marc Hulsman <m.hulsman@...elft.nl>
Cc: Nadezda Lutovinova <lutovinova@...ras.ru>,
Jean Delvare <jdelvare@...e.com>,
Guenter Roeck <linux@...ck-us.net>,
Rudolf Marek <r.marek@...embler.cz>,
linux-hwmon@...r.kernel.org, linux-kernel@...r.kernel.org,
ldv-project@...uxtesting.org
Subject: hwmon: Error handling in w83793.c, w83791d.c, w83792d.c
In w83793_detect_subclients(): if driver read tmp value sufficient for
(tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7))
from device then Null pointer dereference occurs.
(It is possible if tmp = 0b0xyz1xyz, where same chars mean same numbers).
It can be fixed just by adding a checking for null pointer, patch for
this is in the next letter. But a question arised:
The array w83793_data->lm75 is used once in this function after switching
to devm_i2c_new_dummy_device() instead of i2c_new_dummy(). And this
function is called once (from w83793_probe()). Maybe this array should be
deleted from struct w83793_data?
The same situation in w83791d.c and in w83792d.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Nadezda Lutovinova <lutovinova@...ras.ru>
Powered by blists - more mailing lists