| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7f995d57-c40b-6c32-e776-677ae1496769@gmail.com>
Date: Wed, 22 Jun 2022 13:02:23 +0100
From: "Colin King (gmail)" <colin.i.king@...il.com>
To: Roger Lu <roger.lu@...iatek.com>
Cc: AngeloGioacchino Del Regno
<angelogioacchino.delregno@...labora.com>,
Kevin Hilman <khilman@...libre.com>,
Matthias Brugger <matthias.bgg@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: soc: mediatek: SVS: introduce MTK SVS engine
Hi,
static analysis on linux-next with clang scan-build has detected a null
pointer dereference in the following commit:
commit 681a02e9500073cd8b9c25a04f06166254b5a879
Author: Roger Lu <roger.lu@...iatek.com>
Date: Mon May 16 08:43:07 2022 +0800
soc: mediatek: SVS: introduce MTK SVS engine
The issue is as follows:
static irqreturn_t svs_isr(int irq, void *data)
{
struct svs_platform *svsp = data;
struct svs_bank *svsb = NULL;
unsigned long flags;
u32 idx, int_sts, svs_en;
for (idx = 0; idx < svsp->bank_max; idx++) {
svsb = &svsp->banks[idx];
WARN(!svsb, "%s: svsb(%s) is null", __func__, svsb->name);
spin_lock_irqsave(&svs_lock, flags);
svsp->pbank = svsb;
If svsb is null, then the WARN message will dereference it when printing
svsb->name. Also, subsequent dereferences to sbsv will cause a null
pointer dereference, for example the svsp->pbank assignment.
Colin
Powered by blists - more mailing lists