Re: [BUG] tiocsti() NULL dereference if ld->ops->receive_buf==NULL

From: Greg Kroah-Hartman
Date: Sat Jan 19 2019 - 04:20:34 EST

Next message: ååé: "Re: [RFC v5 2/4] pstore/blk: add sample for pstore_blk"
Previous message: liaoweixiong: "Re: [RFC v5 2/4] pstore/blk: add sample for pstore_blk"
In reply to: Jann Horn: "[BUG] tiocsti() NULL dereference if ld->ops->receive_buf==NULL"
Next in thread: Greg Kroah-Hartman: "Re: [BUG] tiocsti() NULL dereference if ld->ops->receive_buf==NULL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 18, 2019 at 08:09:07PM +0100, Jann Horn wrote:
> Hi!
>
> When a line discipline doesn't have a ->receive_buf handler, tiocsti()
> attempts to call a NULL pointer. Both tty_n_tracesink and
> spk_ttyio_ldisc_ops don't have such a handler.
>
> To reproduce, build a kernel with CONFIG_SPEAKUP=y and
> CONFIG_SPEAKUP_SYNTH_SOFT=y, set speakup.synth=soft in the kernel
> command line, and run the following code as root:

<snip>

Ugh, thanks for finding this. I'll look at it later this afternoon...

greg k-h

Next message: ååé: "Re: [RFC v5 2/4] pstore/blk: add sample for pstore_blk"
Previous message: liaoweixiong: "Re: [RFC v5 2/4] pstore/blk: add sample for pstore_blk"
In reply to: Jann Horn: "[BUG] tiocsti() NULL dereference if ld->ops->receive_buf==NULL"
Next in thread: Greg Kroah-Hartman: "Re: [BUG] tiocsti() NULL dereference if ld->ops->receive_buf==NULL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]