Re: [PATCH] fix NULL pointer deference crash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Hassan,

url:    https://github.com/0day-ci/linux/commits/Hassan-Shahbazi/fix-NULL-pointer-deference-crash/20210401-004543
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5e46d1b78a03d52306f21f77a4e4a144b6d31486
config: x86_64-randconfig-m001-20210330 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

New smatch warnings:
drivers/video/fbdev/core/fbcon.c:1336 fbcon_cursor() warn: variable dereferenced before check 'ops' (see line 1324)

Old smatch warnings:
drivers/video/fbdev/core/fbcon.c:3028 fbcon_get_con2fb_map_ioctl() warn: potential spectre issue 'con2fb_map' [r]

vim +/ops +1336 drivers/video/fbdev/core/fbcon.c

^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1318  static void fbcon_cursor(struct vc_data *vc, int mode)
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1319  {
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1320  	struct fb_info *info = registered_fb[con2fb_map[vc->vc_num]];
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1321  	struct fbcon_ops *ops = info->fbcon_par;
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1322   	int c = scr_readw((u16 *) vc->vc_pos);
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1323  
2a17d7e80f1df44 drivers/video/console/fbcon.c    Scot Doyle         2015-08-04 @1324  	ops->cur_blink_jiffies = msecs_to_jiffies(vc->vc_cur_blink_ms);
2a17d7e80f1df44 drivers/video/console/fbcon.c    Scot Doyle         2015-08-04  1325  
d1e2306681ad3cb drivers/video/console/fbcon.c    Michal Januszewski 2007-05-08  1326  	if (fbcon_is_inactive(vc, info) || vc->vc_deccm != 1)
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1327  		return;
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1328  
c0e4b3ad67997a6 drivers/video/fbdev/core/fbcon.c Jiri Slaby         2020-06-15  1329  	if (vc->vc_cursor_type & CUR_SW)
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1330  		fbcon_del_cursor_timer(info);
a5edce421848442 drivers/video/console/fbcon.c    Thierry Reding     2015-05-21  1331  	else
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1332  		fbcon_add_cursor_timer(info);
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  1333  
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1334  	ops->cursor_flash = (mode == CM_ERASE) ? 0 : 1;
                                                                                        ^^^^^^^^^^^^^^^^^
Dereferenced

^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1335  
1d73453653c6d4f drivers/video/fbdev/core/fbcon.c Hassan Shahbazi    2021-03-31 @1336  	if (ops && ops->cursor)
                                                                                            ^^^
Checked too late

06a0df4d1b8b13b drivers/video/fbdev/core/fbcon.c Linus Torvalds     2020-09-08  1337  		ops->cursor(vc, info, mode, get_color(vc, info, c, 1),
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1338  				get_color(vc, info, c, 0));
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  1339  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip

_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel

[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux