media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	harperchen <harperchen1110@gmail.com>	2023-03-03 16:30:11 +0100
committer	Mauro Carvalho Chehab <mchehab@kernel.org>	2023-03-19 22:56:45 +0100
commit	1634b7adcc5bef645b3666fdd564e5952a9e24e0 (patch)
tree	ebdf9d9cca8f90b0c5962f9a18d2df29dda216c1 /drivers/media/platform/st/stm32/stm32-dcmi.c
parent	3af805f70c83525305c1096ec15c64f50d9efa05 (diff)

media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish

When the driver calls tw68_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer buf->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71. We believe the bug can be also dynamically triggered from user side. Similarly, we fix this by checking the return value of tw68_risc_buffer() and the value of buf->cpu before buffer free. Signed-off-by: harperchen <harperchen1110@gmail.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>

Diffstat (limited to 'drivers/media/platform/st/stm32/stm32-dcmi.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: