lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20250724032534.1638187-1-chenyuan0y@gmail.com>
Date: Wed, 23 Jul 2025 22:25:34 -0500
From: Chenyuan Yang <chenyuan0y@...il.com>
To: s.hauer@...gutronix.de,
	deller@....de
Cc: kernel@...gutronix.de,
	shawnguo@...nel.org,
	festevam@...il.com,
	msp@...libre.com,
	plagnioj@...osoft.com,
	linux-fbdev@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org,
	dri-devel@...ts.freedesktop.org,
	imx@...ts.linux.dev,
	linux-kernel@...r.kernel.org,
	Chenyuan Yang <chenyuan0y@...il.com>
Subject: [PATCH] fbdev: Check fb_add_videomode to prevent null-ptr-deref

fb_add_videomode() can fail with -ENOMEM when its internal kmalloc()
cannot allocate a struct fb_modelist.
If that happens, the modelist stays empty but the driver continues to
register.
Add a check for its return value to prevent poteintial null-ptr-deref,
which is similar to the commit 17186f1f90d3
("fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var").

Fixes: 1b6c79361ba5 ("video: imxfb: Add DT support")
Signed-off-by: Chenyuan Yang <chenyuan0y@...il.com>
---
 drivers/video/fbdev/imxfb.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/video/fbdev/imxfb.c b/drivers/video/fbdev/imxfb.c
index f30da32cdaed..a077bf346bdf 100644
--- a/drivers/video/fbdev/imxfb.c
+++ b/drivers/video/fbdev/imxfb.c
@@ -996,8 +996,13 @@ static int imxfb_probe(struct platform_device *pdev)
 	info->fix.smem_start = fbi->map_dma;
 
 	INIT_LIST_HEAD(&info->modelist);
-	for (i = 0; i < fbi->num_modes; i++)
-		fb_add_videomode(&fbi->mode[i].mode, &info->modelist);
+	for (i = 0; i < fbi->num_modes; i++) {
+		ret = fb_add_videomode(&fbi->mode[i].mode, &info->modelist);
+		if (ret) {
+			dev_err(&pdev->dev, "Failed to add videomode\n");
+			goto failed_cmap;
+		}
+	}
 
 	/*
 	 * This makes sure that our colour bitfield
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ