| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z65fFRKgqk-33HXI@aspen.lan>
Date: Thu, 13 Feb 2025 21:07:33 +0000
From: Daniel Thompson <danielt@...nel.org>
To: Jani Nikula <jani.nikula@...ux.intel.com>
Cc: Haoyu Li <lihaoyu499@...il.com>, Lee Jones <lee@...nel.org>,
Jingoo Han <jingoohan1@...il.com>, Helge Deller <deller@....de>,
Rob Herring <robh@...nel.org>, dri-devel@...ts.freedesktop.org,
linux-fbdev@...r.kernel.org, linux-kernel@...r.kernel.org,
chenyuan0y@...il.com, zichenxie0106@...il.com,
stable@...r.kernel.org
Subject: Re: [PATCH] drivers: video: backlight: Fix NULL Pointer Dereference
in backlight_device_register()
On Mon, Feb 03, 2025 at 03:21:23PM +0200, Jani Nikula wrote:
> On Thu, 30 Jan 2025, Haoyu Li <lihaoyu499@...il.com> wrote:
> > In the function "wled_probe", the "wled->name" is dynamically allocated
> > (wled_probe -> wled_configure -> devm_kasprintf), which is possible
> > to be null.
> >
> > In the call trace: wled_probe -> devm_backlight_device_register
> > -> backlight_device_register, this "name" variable is directly
> > dereferenced without checking. We add a null-check statement.
> >
> > Fixes: f86b77583d88 ("backlight: pm8941: Convert to using %pOFn instead of device_node.name")
> > Signed-off-by: Haoyu Li <lihaoyu499@...il.com>
> > Cc: stable@...r.kernel.org
>
> IMO whoever allocates should be responsible for checking NULL instead of
> passing NULL around and expecting everyone check their input for NULL.
Agreed. This should be fixed in at callsites.
Daniel.
Powered by blists - more mailing lists