LinuxLists.cc - RE: iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc

2024-06-05 14:49:26

Subject: RE: iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()

Hi,

I could we drop this CVE?

of_match_device() can not return NULL in this case.

Even commit message agree on this:

" ... In practice there is no known reasonable way to trigger this, but
in case one is added in future, harden the code by adding the check ..."

Regards,
Ivan

2024-06-08 11:39:35

by Greg Kroah-Hartman

[permalink] [raw]

Subject: Re: iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()

On Wed, Jun 05, 2024 at 05:51:23PM +0300, Ivan T. Ivanov wrote:
> Hi,
>
> I could we drop this CVE?
>
> of_match_device() can not return NULL in this case.
>
> Even commit message agree on this:
>
> " ... In practice there is no known reasonable way to trigger this, but
> in case one is added in future, harden the code by adding the check ..."

Ugh, our fault, sorry about that, now rejected.

Thanks again for the review!

greg k-h