Re: [PATCH] Speakup: fix a segfault caused by switching consoles


 



Hello,

Greg KH, on Mon. 10 Oct. 2022 19:02:46 +0200, wrote:
> On Mon, Oct 10, 2022 at 09:57:20PM +0500, Mushahid Hussain wrote:
> > This patch fixes a segfault by adding a null check on synth in
> > speakup_con_update(). The segfault can be reproduced as follows:
> > 
> > 	- Log in to a text console
> > 
> > 	- Load speakup and speakup_soft modules
> > 
> > 	- Remove speakup_soft
> > 
> > 	- Switch to a graphics console
> > 
> > This is caused by lack of a null check on `synth` in
> > speakup_con_update().
> > 
> > Here's the sequence that causes the segfault:
> > 
> > 	- When we remove the speakup_soft, synth_release() sets the synth
> > 	  to null.
> > 
> > 	- After that, when we change the virtual console to graphics
> > 	  console, vt_notifier_call() is fired, which then calls
> > 	  speakup_con_update().
> > 
> > 	- Inside speakup_con_update() there's no null check on synth,
> > 	  so it calls synth_printf().
> > 
> > 	- Inside synth_printf(), synth_buffer_add() and synth_start()
> > 	  both access synth when it is null, causing a segfault.
> > 
> > Therefore adding a null check on synth solves the issue.
> > 
> > Signed-off-by: Mushahid Hussain <mushi.shar@xxxxxxxxx>
> > Signed-off-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
> > ---
> >  drivers/accessibility/speakup/main.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> What commit id does this fix?

It has been there since 2610df41489f548e235171b86895d4b49e6acb1f
("staging: speakup: Add pause command used on switching to graphical
mode")

> Should it go to stable kernels?

Yes, please.

Mushahid, you can see in Documentation/process/submitting-patches.rst
how to encode this in the patch submission.

Samuel
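
The sequence described in the quoted commit message, as a single-threaded userspace model. This is an added example, not the kernel code or the patch itself: the function names follow the message, while the struct layout, buffer size, "pause" text and return values are assumptions made for illustration.

```c
/* Userspace model (added example, not kernel code): names follow the commit
 * message; struct layout, buffer size and the "pause" text are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct spk_synth { char buf[32]; size_t len; int started; };

static struct spk_synth soft;      /* stands in for speakup_soft */
static struct spk_synth *synth;    /* NULL while no synth is loaded */

static void synth_attach(void)  { memset(&soft, 0, sizeof(soft)); synth = &soft; }
static void synth_release(void) { synth = NULL; }   /* module removal */

/* Both helpers dereference synth unconditionally, as the message describes. */
static void synth_buffer_add(char c)
{
	if (synth->len < sizeof(synth->buf))
		synth->buf[synth->len++] = c;
}
static void synth_start(void) { synth->started = 1; }

static void synth_printf(const char *s)
{
	while (*s)
		synth_buffer_add(*s++);
	synth_start();
}

/* Entry point reached from the console-switch notifier. The guard sits here,
 * before any helper that assumes a live synth. Returns 1 if output was queued. */
static int speakup_con_update(void)
{
	if (!synth)
		return 0;
	synth_printf("pause");
	return 1;
}

static int vt_notifier_call(void) { return speakup_con_update(); }

int main(void)
{
	synth_attach();
	printf("loaded:  queued=%d\n", vt_notifier_call());
	synth_release();
	printf("removed: queued=%d\n", vt_notifier_call());
	return 0;
}
```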



