Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1000508pxk; Fri, 18 Sep 2020 00:42:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz+a+7Dc+b0AkQrnwqFsncl8C7eO+5HGgfvv1bHcl7JOUMdz2jPnWFMtuVG1GCH8hV4o9ca X-Received: by 2002:a50:fb15:: with SMTP id d21mr38662833edq.150.1600414962368; Fri, 18 Sep 2020 00:42:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600414962; cv=none; d=google.com; s=arc-20160816; b=Ei5qXWldQJFWmvdv7DiMuk7UVH6HBboGtyVmNhp+MGCNTZs8rpPBJraSe7dTdMOe7m ibLZh5eljod8GY0kPszu0l9VxPueCNSw7kVNIXJURxewWGNePxi7ogNxhwx99a+iwfiM EkHOU2H264YHe1QmnKju7d7glzZDY3M+gYzPPrSVjSDsu+py7NVCM9owNMtcRQwCGcod hF8QnFshmXszRSbYR5kZkYhMVpA0djRa7TCFpA460t3oqBuuuTnClCQIGD1IWkUsd4aI NJjtNvbhHS40/KcvkKqTR3x+hX1MAT10QaqAyuHP0bicrVavNQHzBV7rbCE/+pYMpDYo qEFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:message-id:date :mime-version:subject:cc:to:envelope-from:from:dkim-signature; bh=Vhr6q6HOSl0PHzL+p9MmuaAOwrGDiHBQhBqvVspML0w=; b=b8tvxw90ByC6DN/bClzfSxTTPNP+Fd4h+54I+CY4pUZk8AGRjtNz0hp5GLLtvHp+kU r/hOIsNFNNsXQHcg4J6JjpXuaPu42MsSPPYpcCd//s2oqZH9JPCt/iVfFTVisoJjbmfD rfhWhQdoM72vw/N2vIS6Y7lr/X4DUq833jAq8Q0fwmmjE2fps+tVtgnIXozSkGNZjaeE c6trDYVWxrEa1BkQJ4VNvlGyuERMsrpZvnsFCOgHn+Sh3bsSPKeENaiaRiY9vtds+Ueu 7tZx0u09a66y7mqKgtOod17iK4fIseu4EkAJQmvPsw7cjcO7Aw4TdrX/W/9QDyeVvNd6 GyyA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yandex.ru header.s=mail header.b=D0KzKjsb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ispras.ru Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l8si1572173edr.396.2020.09.18.00.42.19; Fri, 18 Sep 2020 00:42:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@yandex.ru header.s=mail header.b=D0KzKjsb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ispras.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726594AbgIRHkK (ORCPT + 99 others); Fri, 18 Sep 2020 03:40:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725941AbgIRHkK (ORCPT ); Fri, 18 Sep 2020 03:40:10 -0400 Received: from forward106p.mail.yandex.net (forward106p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:109]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5292DC061756 for ; Fri, 18 Sep 2020 00:40:10 -0700 (PDT) Received: from mxback12j.mail.yandex.net (mxback12j.mail.yandex.net [IPv6:2a02:6b8:0:1619::87]) by forward106p.mail.yandex.net (Yandex) with ESMTP id 770821C821C5; Fri, 18 Sep 2020 10:40:03 +0300 (MSK) Received: from localhost (localhost [::1]) by mxback12j.mail.yandex.net (mxback/Yandex) with ESMTP id GyoS9c0agh-e2qeRdkc; Fri, 18 Sep 2020 10:40:02 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1600414802; bh=Vhr6q6HOSl0PHzL+p9MmuaAOwrGDiHBQhBqvVspML0w=; h=Date:Message-Id:Cc:Subject:To:From; b=D0KzKjsbfThLPHxnvr/v8orPaXXwhPfnupxx3qjRVPCNnx6tK/3lpRTCSFH95nv4I lo3smjcecB4Qj85/NokXEiLwnI4edUhIjx+ssYoo3zF0kgIxHCCQqXzRfd2mvGSF9m xsa7ALplOpI1XRsp1hKPrUmeGGJGvijXiWADtwo8= Authentication-Results: mxback12j.mail.yandex.net; dkim=pass header.i=@yandex.ru Received: by sas1-5cb23de04cc6.qloud-c.yandex.net with HTTP; Fri, 18 Sep 2020 10:40:02 +0300 From: Evgeny Novikov Envelope-From: eugenenovikov@yandex.ru To: Jean-Christophe Trotin Cc: Mauro Carvalho Chehab , linux-media , linux-kernel , ldv-project-org Subject: [media] st-hva: potential null pointer dereference in hva_hw_its_irq_thread() MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Fri, 18 Sep 2020 10:40:02 +0300 Message-Id: <688931600414652@mail.yandex.ru> Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=utf-8 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If ctx_id >= HVA_MAX_INSTANCES in hva_hw_its_irq_thread(), it dereferences ctx that is initialized to NULL. I can not provide the patch since I do not know the logic of the driver and I have not a capability to test it. Found by Linux Driver Verification project (linuxtesting.org). --  Best regards, Evgeny Novikov