Re: [PATCH][next] media: ispstat: don't dereference user_cfg before a null check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Sakari,

On Thursday, 26 April 2018 11:37:31 EEST Sakari Ailus wrote:
> On Tue, Apr 24, 2018 at 02:06:18PM +0100, Colin King wrote:
> > From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> > 
> > The pointer user_cfg (a copy of new_conf) is dereference before
> > new_conf is null checked, hence we may have a null pointer dereference
> > on user_cfg when assigning buf_size from user_cfg->buf_size. Ensure
> > this does not occur by moving the assignment of buf_size after the
> > null check.
> > 
> > Detected by CoverityScan, CID#1468386 ("Dereference before null check")
> > 
> > Fixes: 68e342b3068c ("[media] omap3isp: Statistics")
> > Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> 
> Thanks for the patch.
> 
> Gustavo sent effectively the same patch a moment earlier, and that patch
> got applied instead.

Isn't there a guarantee that new_buf won't be NULL ? The new_buf pointer comes 
from the parg variable in video_usercopy(), which should always point to a 
valid buffer given that the ioctl number specifies a non-zero size.

-- 
Regards,

Laurent Pinchart






[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux