Hi Tetsuo,

On 5/2/22 09:10, Tetsuo Handa wrote:
>> And we can meet NULL deref even if we leave drv_priv = priv initialization in its place.
>
> I didn't catch the location. As long as "htc_handle->drv_priv = priv;" is done before complete_all(&hif_dev->fw_done) is done, is something wrong?

I don't really remember why I said that, but it looks like I just haven't opened the callbacks' code.
My point was that my patch does not change the logic, but only fixes 2 problems: UAF and NULL deref.

With regards,
Pavel Skripkin