| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Jan 2024 17:17:17 +0200 From: Andy Shevchenko <andy.shevchenko@...il.com> To: Zhipeng Lu <alexious@....edu.cn> Cc: Hans de Goede <hdegoede@...hat.com>, Mauro Carvalho Chehab <mchehab@...nel.org>, Sakari Ailus <sakari.ailus@...ux.intel.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Kate Hsuan <hpa@...hat.com>, Dan Carpenter <error27@...il.com>, Brent Pappas <bpappas@...pasbrent.com>, Alan Cox <alan@...ux.intel.com>, linux-media@...r.kernel.org, linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org Subject: Re: [PATCH] [v2] media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries On Thu, Jan 18, 2024 at 5:13 PM Zhipeng Lu <alexious@....edu.cn> wrote: > > The allocation failure of mycs->yuv_scaler_binary in load_video_binaries > is followed with a dereference of mycs->yuv_scaler_binary after the > following call chain: > > sh_css_pipe_load_binaries > |-> load_video_binaries (mycs->yuv_scaler_binary == NULL) > | > |-> sh_css_pipe_unload_binaries > |-> unload_video_binaries > > In unload_video_binaries, it calls to ia_css_binary_unload with argument > &pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the > same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer > dereference is triggered. Good for me now, thank you. Reviewed-by: Andy Shevchenko <andy.shevchenko@...il.com> P.S. If needed, or Hans can do it, the references to the functions can be amended in the commit message as we use the 'func()' format (w/o quotes). -- With Best Regards, Andy Shevchenko
Powered by blists - more mailing lists