| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Dec 2022 21:58:31 +0100
From: Tanmay Bhushan <007047221b@...il.com>
To: Laurent Pinchart <laurent.pinchart@...asonboard.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-media@...r.kernel.org, linux-staging@...ts.linux.dev,
linux-kernel@...r.kernel.org
Subject: [PATCH] media: staging: media: omap4iss: Fix null dereference for
iss
>From 7aa39c0d02bddf9cfa14762f115303b79bfa0ae3 Mon Sep 17 00:00:00 2001
From: Tanmay Bhushan <007047221b@...il.com>
Date: Wed, 28 Dec 2022 21:01:16 +0100
Subject: [PATCH] media: staging: media: omap4iss: Fix null dereference
for iss
media_pad_remote_pad_first returns NULL in some cases but while using
the return value was used without NULL check which will lead to panic
in case of NULL return. iss_pipeline_is_last returns value check so
have returned 0 in case of NULL and csi2_configure is not documented
for such cases so returned EINVAL for it. Code is not tested
as it is only for NULL dereference verification.
Signed-off-by: Tanmay Bhushan <007047221b@...il.com>
---
drivers/staging/media/omap4iss/iss.c | 6 +++++-
drivers/staging/media/omap4iss/iss_csi2.c | 4 ++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/media/omap4iss/iss.c
b/drivers/staging/media/omap4iss/iss.c
index fa2a36d829d3..3f01eeff40e7 100644
--- a/drivers/staging/media/omap4iss/iss.c
+++ b/drivers/staging/media/omap4iss/iss.c
@@ -552,7 +552,11 @@ static int iss_pipeline_is_last(struct
media_entity *me)
if (!pipe || pipe->stream_state ==
ISS_PIPELINE_STREAM_STOPPED)
return 0;
pad = media_pad_remote_pad_first(&pipe->output->pad);
- return pad->entity == me;
+
+ if (pad)
+ return pad->entity == me;
+
+ return 0;
}
static int iss_reset(struct iss_device *iss)
diff --git a/drivers/staging/media/omap4iss/iss_csi2.c
b/drivers/staging/media/omap4iss/iss_csi2.c
index 04ce0e7eb557..ab2c2ad64464 100644
--- a/drivers/staging/media/omap4iss/iss_csi2.c
+++ b/drivers/staging/media/omap4iss/iss_csi2.c
@@ -539,6 +539,10 @@ static int csi2_configure(struct iss_csi2_device
*csi2)
return -EBUSY;
pad = media_pad_remote_pad_first(&csi2->pads[CSI2_PAD_SINK]);
+
+ if (!pad)
+ return -EINVAL;
+
sensor = media_entity_to_v4l2_subdev(pad->entity);
pdata = sensor->host_priv;
--
2.34.1
Powered by blists - more mailing lists