[PATCH 03/21] media: davinci_vpfe: fix vpfe_ipipe_init() error handling
Joel Fernandes
joel at joelfernandes.org
Thu Oct 11 16:56:00 UTC 2018
On Mon, Oct 08, 2018 at 09:46:01PM -0700, Joel Fernandes wrote:
> On Fri, Apr 06, 2018 at 10:23:04AM -0400, Mauro Carvalho Chehab wrote:
> > As warned:
> > drivers/staging/media/davinci_vpfe/dm365_ipipe.c:1834 vpfe_ipipe_init() error: we previously assumed 'res' could be null (see line 1797)
> >
> > There's something wrong at vpfe_ipipe_init():
> >
> > 1) it caches the resource_size() from the first region
> > and reuses it for the second region;
> >
> > 2) the "res" var is overridden 3 times;
> >
> > 3) at free logic, it assumes that "res->start" is not
> > overridden by platform_get_resource(pdev, IORESOURCE_MEM, 6),
> > but that's not true, as it can even be NULL there.
> >
> > This patch fixes the above issues by:
> >
> > a) store the resources used by release_mem_region() on
> > a separate var;
> >
> > b) stop caching resource_size(), using the function where
> > needed.
> >
> > Signed-off-by: Mauro Carvalho Chehab <mchehab at s-opensource.com>
>
> I ran coccicheck on a 4.14.74 stable kernel and noticed that 'res' can be
> NULL in vpfe_ipipe_init. It looks like this patch is not included in the 4.14
> stable series. Can this patch be applied? I applied it myself and it applies
> cleanly, but I have no way to test it.
>
> That 'res->start' error_release could end up a NULL pointer deref.
Should this patch go to 4.14 stable? Seems straightforward and worth it to
prevent the possible NULL pointer deref issue.
- Joel
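The three defects listed in the quoted commit message (a cached resource_size() reused for a different region, a single 'res' variable overwritten by later lookups, and an error path that dereferences that variable after it may have become NULL) are a general error-handling pattern rather than something specific to this driver. The following is an added example, not code from this thread or from the davinci_vpfe driver: a self-contained C model with constructed stand-ins for struct resource, platform_get_resource() and request/release_mem_region(), showing the corrected shape of such an init routine, where each claimed region is kept in its own pointer, its size is recomputed from that pointer, and the error path releases only what was actually claimed. The names res_main/res_aux, the scenario functions and the sample addresses are assumptions made for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's struct resource (one memory region). */
struct resource { uintptr_t start; uintptr_t end; };

static size_t resource_size(const struct resource *r) { return (size_t)(r->end - r->start + 1); }

/* Constructed stand-in for a platform device: NRES optional memory regions,
 * looked up by index like platform_get_resource(pdev, IORESOURCE_MEM, n).
 * A NULL slot models a region the platform did not provide. */
#define NRES 7
struct fake_pdev { struct resource *mem[NRES]; };

static struct resource *get_mem_resource(struct fake_pdev *pdev, unsigned n)
{
    return n < NRES ? pdev->mem[n] : NULL;
}

/* Bookkeeping standing in for request_mem_region()/release_mem_region():
 * every live claim is recorded with the length it was requested with, so a
 * caller can verify that an error path releases exactly what was claimed. */
#define MAXLIVE 8
struct live_region { uintptr_t start; size_t len; };
static struct live_region live[MAXLIVE];
static int nlive;

static bool request_mem_region(uintptr_t start, size_t len)
{
    if (nlive >= MAXLIVE) return false;
    for (int i = 0; i < nlive; i++)
        if (live[i].start == start) return false;   /* already claimed: busy */
    live[nlive].start = start; live[nlive].len = len; nlive++;
    return true;
}

static bool release_mem_region(uintptr_t start, size_t len)
{
    for (int i = 0; i < nlive; i++)
        if (live[i].start == start && live[i].len == len) { live[i] = live[--nlive]; return true; }
    return false;   /* no claim with this start/len: mismatched release */
}

static int live_region_count(void) { return nlive; }

/* Hypothetical driver state: the two regions this init claims (region 0 and region 6). */
struct ipipe_state { struct resource *res_main; struct resource *res_aux; };

/* Corrected pattern: each claimed region lives in its own pointer, its size is
 * recomputed from that pointer, and the error path never touches the temporary
 * 'res' that later lookups overwrite (and that may legitimately be NULL). */
static int ipipe_init(struct fake_pdev *pdev, struct ipipe_state *st)
{
    struct resource *res = get_mem_resource(pdev, 0);
    if (!res) return -ENOENT;                           /* region 0 is mandatory */
    st->res_main = res;
    if (!request_mem_region(st->res_main->start, resource_size(st->res_main))) return -EBUSY;

    res = get_mem_resource(pdev, 6);                    /* 'res' reassigned; may be NULL now */
    if (!res) goto error_release;
    st->res_aux = res;
    if (!request_mem_region(st->res_aux->start, resource_size(st->res_aux))) goto error_release;
    return 0;

error_release:
    /* Undo only the claim that was made, with that region's own start and size. */
    release_mem_region(st->res_main->start, resource_size(st->res_main));
    st->res_main = NULL;
    return -ENOENT;
}

static void ipipe_remove(struct ipipe_state *st)
{
    release_mem_region(st->res_aux->start, resource_size(st->res_aux));
    release_mem_region(st->res_main->start, resource_size(st->res_main));
    st->res_main = st->res_aux = NULL;
}

/* Constructed sample regions: a 4 KiB region 0 and a 256-byte region 6. */
static struct resource sample_r0 = { 0x1000, 0x1fff };
static struct resource sample_r6 = { 0x8000, 0x80ff };

/* Scenario: region 6 absent. Init must fail and leave nothing claimed (no leak, no deref). */
static int scenario_missing_region6(void)
{
    struct fake_pdev pdev = { { &sample_r0 } };          /* slot 6 stays NULL */
    struct ipipe_state st = { 0 };
    return ipipe_init(&pdev, &st) != 0 && live_region_count() == 0;
}

/* Scenario: both present. Region 6 must be claimed with its own 256-byte length,
 * not the 4 KiB of region 0, and remove must release both claims. */
static int scenario_both_present(void)
{
    struct fake_pdev pdev = { { &sample_r0 } };
    pdev.mem[6] = &sample_r6;
    struct ipipe_state st = { 0 };
    int ok = ipipe_init(&pdev, &st) == 0 && live_region_count() == 2 && live[1].len == 256;
    ipipe_remove(&st);
    return ok && live_region_count() == 0;
}

int main(void)
{
    printf("region 6 missing: %s\n", scenario_missing_region6() ? "handled" : "BUG");
    printf("both regions:     %s\n", scenario_both_present() ? "ok" : "BUG");
    return 0;
}
```

The tracker is what makes the two failure modes observable without a kernel: a release with the wrong length (the cached-size bug) shows up as a claim left live, and a NULL 'res' on the error path is avoided structurally because the error path only ever reads res_main.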