From: Zhou Qingyang
To: zhou1615@umn.edu
Cc: kjlu@umn.edu, Tiffany Lin, Andrew-CT Chen, Mauro Carvalho Chehab, Matthias Brugger, Alexandre Courbot, Hans Verkuil, linux-media@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH] media: mtk-vcodec: Fix a NULL pointer dereference in mtk_vcodec_fw_scp_init()
Date: Tue, 25 Jan 2022 01:07:31 +0800
Message-Id: <20220124170731.59240-1-zhou1615@umn.edu>

In mtk_vcodec_fw_scp_init(), devm_kzalloc() is assigned to fw and there is
a dereference of it right after that, which could lead to NULL pointer
dereference on failure of devm_kzalloc().

Fix this bug by adding a NULL check of fw.

This bug was found by a static analyzer.

Builds with 'make allyesconfig' show no new warnings,
and our static analyzer no longer warns about this code.

Fixes: 46233e91fa24 ("media: mtk-vcodec: move firmware implementations into their own files")
Signed-off-by: Zhou Qingyang
---
The analysis employs differential checking to identify inconsistent
security operations (e.g., checks or kfrees) between two code paths
and confirms that the inconsistent operations are not recovered in the
current function or the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c index d8e66b645bd8..aa36bee51d01 100644 --- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c +++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_scp.c 
@@ -65,6 +65,9 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(struct mtk_vcodec_dev *dev) } fw = devm_kzalloc(&dev->plat_dev->dev, sizeof(*fw), GFP_KERNEL); + if (!fw) + return ERR_PTR(-ENOMEM); + fw->type = SCP; fw->ops = &mtk_vcodec_rproc_msg; fw->scp = scp; -- 2.25.1
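Review bot: the new `return ERR_PTR(-ENOMEM);` leaves the function while `scp` is already held, since `scp` is obtained before the allocation and only stored by `fw->scp = scp;` afterwards. If acquiring `scp` took a reference on the SCP device, this early return drops the only pointer to it without releasing that reference, so the NULL-dereference fix would trade a crash for a leak on the same failure path; please either release `scp` before returning here or move the `devm_kzalloc()` ahead of the point where `scp` is acquired so nothing needs unwinding. It is also worth stating in the commit message that the callers of mtk_vcodec_fw_scp_init() test the result with IS_ERR() rather than for NULL, because the fix relies on that for `ERR_PTR(-ENOMEM)` to be handled.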