Greg KH <greg@xxxxxxxxx> writes:
> On Tue, Jan 25, 2022 at 12:48:45AM +0800, Zhou Qingyang wrote:
>> In brcmf_chip_recognition(), the return value of brcmf_chip_add_core()
>> is assigned to core and is passed to brcmf_chip_sb_corerev(). In
>> brcmf_chip_sb_corerev(), there exists dereference of core without check.
>> the return value of brcmf_chip_add_core() could be ERR_PTR on failure of
>> allocation, which could lead to a NULL pointer dereference bug.
>>
>> Fix this bug by adding IS_ERR check for every variable core.
>>
>> This bug was found by a static analyzer.
>>
>> Builds with 'make allyesconfig' show no new warnings,
>> and our static analyzer no longer warns about this code
>>
>> Fixes: cb7cf7be9eba ("brcmfmac: make chip related functions host
>> interface independent")
>> Signed-off-by: Zhou Qingyang <zhou1615@xxxxxxx>
>> ---
>> The analysis employs differential checking to identify inconsistent
>> security operations (e.g., checks or kfrees) between two code paths
>> and confirms that the inconsistent operations are not recovered in the
>> current function or the callers, so they constitute bugs.
>>
>> Note that, as a bug found by static analysis, it can be a false
>> positive or hard to trigger. Multiple researchers have cross-reviewed
>> the bug.
>
> As stated before, umn.edu is still not allowed to contribute to the
> Linux kernel. Please work with your administration to resolve this
> issue.
Thanks Greg, I didn't notice that this is from umn.edu. After seeing
what kind of "research" umn.edu does I will not even look at umn.edu
patches, they all will be automatically rejected without comments.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
