lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aYme0vuJtoBI591u@zed>
Date: Mon, 9 Feb 2026 09:49:08 +0100
From: Jacopo Mondi <jacopo.mondi@...asonboard.com>
To: Alper Ak <alperyasinak1@...il.com>
Cc: Daniel Scally <dan.scally@...asonboard.com>, 
	Jacopo Mondi <jacopo.mondi@...asonboard.com>, Mauro Carvalho Chehab <mchehab@...nel.org>, 
	Hans Verkuil <hverkuil+cisco@...nel.org>, Nayden Kanchev <nayden.kanchev@....com>, 
	linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] media: malic55: Fix possible ERR_PTR deference in
 enable_streams

Hi Alper

On Sat, Feb 07, 2026 at 12:18:22PM +0300, Alper Ak wrote:
> The media_pad_remote_pad_unique() function returns either a valid
> pointer or an ERR_PTR() on failure (-ENOTUNIQ if multiple links are
> enabled, -ENOLINK if no connected pad is found). The return value
> was assigned directly to isp->remote_src and dereferenced in the
> next line without checking for errors, which could lead to an
> ERR_PTR dereference.
>
> Add proper error checking with IS_ERR() before dereferencing the
> pointer. Also set isp->remote_src to NULL on error to maintain
> consistency with other error paths in the function.
>
> Fixes: d5f281f3dd29 ("media: mali-c55: Add Mali-C55 ISP driver")
> Signed-off-by: Alper Ak <alperyasinak1@...il.com>

As the media link on the ISP sink pad #0 can connect to either the TPG
entity or to the [CSI-2 RX | IVC] pair, it is created without an
IMMUTABLE flag and can be in facts disabled.

So I guess the check is correct in this case:
Acked-by: Jacopo Mondi <jacopo.mondi@...asonboard.com>

As per the other patch for the CRU, it might be nice to attribute
credit to the static analysis tool you have used.

> ---
>  drivers/media/platform/arm/mali-c55/mali-c55-isp.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/drivers/media/platform/arm/mali-c55/mali-c55-isp.c b/drivers/media/platform/arm/mali-c55/mali-c55-isp.c
> index 497f25fbdd13..c7225e9c8df7 100644
> --- a/drivers/media/platform/arm/mali-c55/mali-c55-isp.c
> +++ b/drivers/media/platform/arm/mali-c55/mali-c55-isp.c
> @@ -360,6 +360,13 @@ static int mali_c55_isp_enable_streams(struct v4l2_subdev *sd,
>
>  	sink_pad = &isp->pads[MALI_C55_ISP_PAD_SINK_VIDEO];
>  	isp->remote_src = media_pad_remote_pad_unique(sink_pad);
> +	if (IS_ERR(isp->remote_src))  {
> +		ret = PTR_ERR(isp->remote_src);
> +		dev_err(mali_c55->dev, "Failed to get remote source pad: %d\n", ret);
> +		isp->remote_src = NULL;
> +		return ret;
> +	}
> +
>  	src_sd = media_entity_to_v4l2_subdev(isp->remote_src->entity);
>
>  	isp->frame_sequence = 0;
> --
> 2.43.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ