lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <395da01a-a441-4ee5-a49c-e385f800c627@gmx.de>
Date: Fri, 14 Nov 2025 20:15:58 +0100
From: Helge Deller <deller@....de>
To: Haotian Zhang <vulab@...as.ac.cn>, Antonino Daplas <adaplas@...il.com>
Cc: linux-fbdev@...r.kernel.org, dri-devel@...ts.freedesktop.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fbdev/riva: Add NULL checks for
 pci_get_domain_bus_and_slot()

On 11/14/25 09:06, Haotian Zhang wrote:
> The pci_get_domain_bus_and_slot() function can return NULL
> if the requested PCI device is not found. The
> nForceUpdateArbitrationSettings() and nv10GetConfig()
> do not check for this, which can lead to a NULL pointer dereference
> when the returned pointer is used in pci_read_config_dword().
> 
> Add NULL checks immediately after the calls to
> pci_get_domain_bus_and_slot() in both functions.

You issue a warning if the device isn't found (which seems
unlikely btw.).
But you don't take care that the driver exits cleanly then.
Instead it will still try to configure and use rivafb which is wrong.

Helge

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ