media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Zhang Shurong <[email protected]>	2023-05-07 15:52:47 +0100
committer	Mauro Carvalho Chehab <[email protected]>	2023-05-14 06:30:03 +0100
commit	aa4a447b81b84f69c1a89ad899df157f386d7636 (patch)
tree	51a5b1024a8acbbfa51c448315b8c0d5c0051df7 /tools/testing/selftests/bpf/prog_tests/prog_array_init.c
parent	dff919090155fb22679869e8469168f270dcd97f (diff)

media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer

In rtl28xxu_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach rtl28xxu_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") Link: https://lore.kernel.org/linux-media/[email protected] Signed-off-by: Zhang Shurong <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]>

Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/prog_array_init.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: