On Tue, Jun 21, 2022 at 10:36:04PM +0800, Dongliang Mu wrote:
> Hi maintainers,
>
> I would like to send one bug report.
>
> In gb_bootrom_get_firmware, if the first branch is satisfied, it will
> go to queue_work, leading to the dereference of uninitialized const
> variable "fw". If the second branch is satisfied, it will go to unlock
> with fw as NULL pointer, leading to a NULL Pointer Dereference.
>
> The Fixes commit should be [1], introducing the dereference of "fw" in
> the error handling code.
>
> I am not sure how to fix this bug. Any comment on removing the
> dereference of fw?

As Johan said, please fix up your tool that found this, it is not
working properly.

thanks,

greg k-h