| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Oct 2022 15:58:11 +0300
From: Anastasia Belova <abelova@...ralinux.ru>
To: Mauro Carvalho Chehab <mchehab@...nel.org>,
Matthias Brugger <matthias.bgg@...il.com>
Cc: Anastasia Belova <abelova@...ralinux.ru>,
Tiffany Lin <tiffany.lin@...iatek.com>,
Andrew-CT Chen <andrew-ct.chen@...iatek.com>,
Yunfei Dong <yunfei.dong@...iatek.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@...labora.com>,
Hans Verkuil <hverkuil-cisco@...all.nl>,
Nicolas Dufresne <nicolas.dufresne@...labora.com>,
linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
linux-mediatek@...ts.infradead.org, lvc-project@...uxtesting.org
Subject: [PATCH] vcodec: mediatek: add check for NULL for vsi->frm_bufs[vsi->new_fb_idx].buf.fb in vp9_swap_frm_bufs
If vsi->frm_bufs[vsi->new_fb_idx].buf.fb == NULL while cleaning
fb_free_list NULL-pointer is dereferenced.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: f77e89854b3e ("[media] vcodec: mediatek: Add Mediatek VP9 Video Decoder Driver")
Signed-off-by: Anastasia Belova <abelova@...ralinux.ru>
---
drivers/media/platform/mediatek/vcodec/vdec/vdec_vp9_if.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/mediatek/vcodec/vdec/vdec_vp9_if.c b/drivers/media/platform/mediatek/vcodec/vdec/vdec_vp9_if.c
index 70b8383f7c8e..b0679aaf6192 100644
--- a/drivers/media/platform/mediatek/vcodec/vdec/vdec_vp9_if.c
+++ b/drivers/media/platform/mediatek/vcodec/vdec/vdec_vp9_if.c
@@ -512,7 +512,7 @@ static void vp9_swap_frm_bufs(struct vdec_vp9_inst *inst)
* clean fb_free_list
*/
if (vsi->frm_bufs[vsi->new_fb_idx].ref_cnt == 0) {
- if (!vp9_is_sf_ref_fb(
+ if (vsi->frm_bufs[vsi->new_fb_idx].buf.fb != NULL && !vp9_is_sf_ref_fb(
inst, vsi->frm_bufs[vsi->new_fb_idx].buf.fb)) {
struct vdec_fb *fb;
--
2.30.2
Powered by blists - more mailing lists