linux-kernel - Re: [PATCH v2 14/23] media: iris: Fix NULL pointer dereference

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <7ef2daa2-a6fa-2285-6619-b2f25baabc55@quicinc.com>
Date: Mon, 28 Apr 2025 17:40:01 +0530
From: Dikshita Agarwal <quic_dikshita@...cinc.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
CC: Vikash Garodia <quic_vgarodia@...cinc.com>,
        Abhinav Kumar
	<quic_abhinavk@...cinc.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Stefan Schmidt <stefan.schmidt@...aro.org>,
        Hans Verkuil
	<hverkuil@...all.nl>,
        Bjorn Andersson <andersson@...nel.org>,
        Konrad Dybcio
	<konradybcio@...nel.org>, Rob Herring <robh@...nel.org>,
        Krzysztof Kozlowski
	<krzk+dt@...nel.org>,
        Conor Dooley <conor+dt@...nel.org>,
        Bryan O'Donoghue
	<bryan.odonoghue@...aro.org>,
        Dmitry Baryshkov
	<dmitry.baryshkov@....qualcomm.com>,
        Neil Armstrong
	<neil.armstrong@...aro.org>,
        Nicolas Dufresne
	<nicolas.dufresne@...labora.com>,
        <linux-media@...r.kernel.org>, <linux-arm-msm@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <devicetree@...r.kernel.org>,
        <20250417-topic-sm8x50-iris-v10-v7-0-f020cb1d0e98@...aro.org>,
        <20250424-qcs8300_iris-v5-0-f118f505c300@...cinc.com>,
        <stable@...r.kernel.org>
Subject: Re: [PATCH v2 14/23] media: iris: Fix NULL pointer dereference



On 4/28/2025 3:10 PM, Dan Carpenter wrote:
> On Mon, Apr 28, 2025 at 02:59:02PM +0530, Dikshita Agarwal wrote:
>> A warning reported by smatch indicated a possible null pointer
>> dereference where one of the arguments to API
>> "iris_hfi_gen2_handle_system_error" could sometimes be null.
>>
>> To fix this, add a check to validate that the argument passed is not
>> null before accessing its members.
>>
>> Cc: stable@...r.kernel.org
>> Fixes: fb583a214337 ("media: iris: introduce host firmware interface with necessary hooks")
>> Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
>> Closes: https://lore.kernel.org/linux-media/634cc9b8-f099-4b54-8556-d879fb2b5169@stanley.mountain/
>> Signed-off-by: Dikshita Agarwal <quic_dikshita@...cinc.com>
>> ---
>>  drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c b/drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c
>> index 1ed798d31a3f..cba71b5db943 100644
>> --- a/drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c
>> +++ b/drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c
>> @@ -267,7 +267,8 @@ static int iris_hfi_gen2_handle_system_error(struct iris_core *core,
>>  {
>>  	struct iris_inst *instance;
>>  
>> -	dev_err(core->dev, "received system error of type %#x\n", pkt->type);
>> +	if (pkt)
>> +		dev_err(core->dev, "received system error of type %#x\n", pkt->type);
> 
> I feel like it would be better to do:
> 
> 	dev_err(core->dev, "received system error of type %#x\n", pkt ? pkt->type: -1);
we don't need to print anything if pkt is NULL.

Thanks,
Dikshita
> 
> regards,
> dan carpenter
>