| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Jun 2024 12:18:08 +0200 From: Markus Elfring <Markus.Elfring@....de> To: Ma Ke <make24@...as.ac.cn>, dri-devel@...ts.freedesktop.org, Daniel Vetter <daniel@...ll.ch>, David Airlie <airlied@...il.com>, Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>, Maxime Ripard <mripard@...nel.org>, Patrik Jakobsson <patrik.r.jakobsson@...il.com>, Thomas Zimmermann <tzimmermann@...e.de> Cc: LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes > In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is > assigned to mode, which will lead to a possible NULL pointer dereference > on failure of drm_mode_duplicate(). Add a check to avoid npd. 1. Can a wording approach (like the following) be a better change description? A null pointer is stored in the local variable “mode” after a call of the function “drm_mode_duplicate” failed. This pointer was passed to a subsequent call of the function “drm_mode_probed_add” where an undesirable dereference will be performed then. Thus add a corresponding return value check. 2. Would you like to add any tags (like “Fixes” and “Cc”) accordingly? 3. How do you think about to append parentheses to the function name in the summary phrase? 4. How do you think about to put similar results from static source code analyses into corresponding patch series? Regards, Markus
Powered by blists - more mailing lists