On Thu, 30 Jan 2025, Haoyu Li <lihaoyu499@xxxxxxxxx> wrote:
> In the function "wled_probe", the "wled->name" is dynamically allocated
> (wled_probe -> wled_configure -> devm_kasprintf), which is possible
> to be null.
>
> In the call trace: wled_probe -> devm_backlight_device_register
> -> backlight_device_register, this "name" variable is directly
> dereferenced without checking. We add a null-check statement.
>
> Fixes: f86b77583d88 ("backlight: pm8941: Convert to using %pOFn instead of device_node.name")
> Signed-off-by: Haoyu Li <lihaoyu499@xxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
IMO whoever allocates should be responsible for checking NULL instead of
passing NULL around and expecting everyone check their input for NULL.
BR,
Jani.
> ---
> drivers/video/backlight/backlight.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c
> index f699e5827ccb..b21670bd86de 100644
> --- a/drivers/video/backlight/backlight.c
> +++ b/drivers/video/backlight/backlight.c
> @@ -414,6 +414,8 @@ struct backlight_device *backlight_device_register(const char *name,
> struct backlight_device *new_bd;
> int rc;
>
> + if (!name)
> + return ERR_PTR(-EINVAL);
> pr_debug("backlight_device_register: name=%s\n", name);
>
> new_bd = kzalloc(sizeof(struct backlight_device), GFP_KERNEL);
--
Jani Nikula, Intel
