Hi Mikhail,
Thanks for your patch.
Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx> writes:
> Dereference of null pointer in the __gb_lights_flash_brightness_set function.
> Assigning the channel the result of executing the get_channel_from_mode function
> without checking for NULL may result in an error.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 2870b52bae4c ("greybus: lights: add lights implementation")
> Signed-off-by: Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx>
Yeah, at the time when this was implemented I recall that we could only
set the brightness of the torch mode in a flash led, not in the flash
only mode. So, if we were getting here was that for sure we had a torch
channel and get_channel_from_mode will always find a channel, so never
returning null here.
but yeah, this is safer. but maybe just do something like the bellow
would be simpler:
modified drivers/staging/greybus/light.c
@@ -147,6 +147,9 @@ static int __gb_lights_flash_brightness_set(struct gb_channel *channel)
channel = get_channel_from_mode(channel->light,
GB_CHANNEL_MODE_TORCH);
+ if (!channel)
+ return -EINVAL;
+
/* For not flash we need to convert brightness to intensity */
intensity = channel->intensity_uA.min +
(channel->intensity_uA.step * channel->led->brightness);
what do you think?
Cheers,
Rui
> ---
> drivers/staging/greybus/light.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/staging/greybus/light.c b/drivers/staging/greybus/light.c
> index 87d36948c610..929514350947 100644
> --- a/drivers/staging/greybus/light.c
> +++ b/drivers/staging/greybus/light.c
> @@ -148,10 +148,15 @@ static int __gb_lights_flash_brightness_set(struct gb_channel *channel)
> GB_CHANNEL_MODE_TORCH);
>
> /* For not flash we need to convert brightness to intensity */
> - intensity = channel->intensity_uA.min +
> +
> + if (channel) {
> + intensity = channel->intensity_uA.min +
> (channel->intensity_uA.step * channel->led->brightness);
>
> - return __gb_lights_flash_intensity_set(channel, intensity);
> + return __gb_lights_flash_intensity_set(channel, intensity);
> + }
> +
> + return 0;
> }
> #else
> static struct gb_channel *get_channel_from_cdev(struct led_classdev *cdev)
> --
> 2.43.0
_______________________________________________
greybus-dev mailing list -- greybus-dev@xxxxxxxxxxxxxxxx
To unsubscribe send an email to greybus-dev-leave@xxxxxxxxxxxxxxxx
|