Received: by 10.192.165.148 with SMTP id m20csp1839163imm; Thu, 26 Apr 2018 03:04:59 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+u3Ta+LkhYCvfgmEiEqUzdxtGRwOV7JUOcI+dPnNE29bMgGMrveAlBerMUqIgOPnMTOJww X-Received: by 2002:a17:902:bd41:: with SMTP id b1-v6mr32333890plx.302.1524737099469; Thu, 26 Apr 2018 03:04:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524737099; cv=none; d=google.com; s=arc-20160816; b=ei0XtV6fDP7jjS8OnijWv8rc8gPP7/tRtcPhEscpAvu9E5tpbHL7y84wTUPBznL1IQ DTL9tupBDZ1Pt+0FS0bV3myfAEhXegO5AU227sACaXjd6YBhm0Pa5IoziLNjy6aqer57 7HzN4aYl+LccAhvnfYxkq4tNoaERbt7+jbsPLwDuclMhzJOnztXVATd89Q+sU0Z99Phh FkhEwpiEffpzqrFT5fSRg0KW64mNcNBWXti5o+krpbxLrs4KhmTrzWYH8aIns4VXtFwu gtI6P2EdwMkO8el96NPFM3lvRPz8Q4yrTom6z9nzJeVCBxuH6e99q3LMsdPJHf3dUpIg GbeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:organization:message-id:date:subject:cc:to :from:dkim-signature:arc-authentication-results; bh=DvzC88AcRg7homHvRsZyRkSoa1JjRNDl2q1pVZHAgaE=; b=TtjWI56Xsm3kY0sOCRqckrtE81GIKCvEmTQPx5+SZ+e3kEqn7w86oEXVjAD2GbCzCL Gj+dLFhWkjIE7SDtWnrr7ssENZP0UHuGAp46BlHlOMTiyej7RMxyV6AtOHEcJm+6mO38 GN2JCdbdnZQGW+2NZtCRbtwOSOwuKqhJAE55rD8rXS425oIoqmotso5rN1pHtuFvFGf1 99XMppj/QtrL8FKxpWUVE5EwjcLEM4qL9EdUWHP0Ih/ldI9Oyea8/keqhrVx7BRBSR/K TioEK6NEOGw6j9BmO3/4uTROqvuS3Vx9e4dPpq5zsjvzwrCPncPkau5y6vTw31j1+oww kgxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@ideasonboard.com header.s=mail header.b=EUckoNfv; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q8si16093120pgf.293.2018.04.26.03.04.44; Thu, 26 Apr 2018 03:04:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@ideasonboard.com header.s=mail header.b=EUckoNfv; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754743AbeDZKDG (ORCPT + 99 others); Thu, 26 Apr 2018 06:03:06 -0400 Received: from perceval.ideasonboard.com ([213.167.242.64]:55504 "EHLO perceval.ideasonboard.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753487AbeDZKDC (ORCPT ); Thu, 26 Apr 2018 06:03:02 -0400 Received: from avalon.localnet (dfj612ybrt5fhg77mgycy-3.rev.dnainternet.fi [IPv6:2001:14ba:21f5:5b00:2e86:4862:ef6a:2804]) by perceval.ideasonboard.com (Postfix) with ESMTPSA id 0CFC43E45; Thu, 26 Apr 2018 12:02:59 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com; s=mail; t=1524736980; bh=fK3/WgGXjFU0FDCWfhMMJDArnDJgVQoN2RjSniejAoU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EUckoNfvFBvHilYiQt4kc4ZJKoXNNJRjKLgsSTVCy8qv/5BDOmv7E+M86aVHACyiT jxCddqPsRWQUEH1HZSo/2DqXMjQVvv6mXFllr4Gw6J1CmyGhqjMtoSS99yw+JDsN7d 3QnBUh/9xF+z1q+uklJPV09X8iKzrkewSzua1MYQ= From: Laurent Pinchart To: Sakari Ailus Cc: Colin King , Mauro Carvalho Chehab , linux-media@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH][next] media: ispstat: don't dereference user_cfg before a null check Date: Thu, 26 Apr 2018 13:03:15 +0300 Message-ID: <2302951.d1m0yxIoYN@avalon> Organization: Ideas on Board Oy In-Reply-To: <20180426083731.72bmygsp2waf3eeu@valkosipuli.retiisi.org.uk> References: <20180424130618.18211-1-colin.king@canonical.com> <20180426083731.72bmygsp2waf3eeu@valkosipuli.retiisi.org.uk> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Sakari, On Thursday, 26 April 2018 11:37:31 EEST Sakari Ailus wrote: > On Tue, Apr 24, 2018 at 02:06:18PM +0100, Colin King wrote: > > From: Colin Ian King > > > > The pointer user_cfg (a copy of new_conf) is dereference before > > new_conf is null checked, hence we may have a null pointer dereference > > on user_cfg when assigning buf_size from user_cfg->buf_size. Ensure > > this does not occur by moving the assignment of buf_size after the > > null check. > > > > Detected by CoverityScan, CID#1468386 ("Dereference before null check") > > > > Fixes: 68e342b3068c ("[media] omap3isp: Statistics") > > Signed-off-by: Colin Ian King > > Thanks for the patch. > > Gustavo sent effectively the same patch a moment earlier, and that patch > got applied instead. Isn't there a guarantee that new_buf won't be NULL ? The new_buf pointer comes from the parg variable in video_usercopy(), which should always point to a valid buffer given that the ioctl number specifies a non-zero size. -- Regards, Laurent Pinchart