re: soc: mediatek: SVS: introduce MTK SVS engine

From: Colin King (gmail)
Date: Wed Jun 22 2022 - 08:02:32 EST

Next message: Kefeng Wang: "Re: [PATCH 5/5] arm64: kdump: Don't defer the reservation of crash high memory"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 03/14] ARM: dts: qcom: use generic sram as name for imem and ocmem nodes"
Next in thread: Matthias Brugger: "Re: soc: mediatek: SVS: introduce MTK SVS engine"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

static analysis on linux-next with clang scan-build has detected a null pointer dereference in the following commit:

commit 681a02e9500073cd8b9c25a04f06166254b5a879
Author: Roger Lu <roger.lu@xxxxxxxxxxxx>
Date: Mon May 16 08:43:07 2022 +0800

soc: mediatek: SVS: introduce MTK SVS engine

The issue is as follows:

static irqreturn_t svs_isr(int irq, void *data)
{
struct svs_platform *svsp = data;
struct svs_bank *svsb = NULL;
unsigned long flags;
u32 idx, int_sts, svs_en;

for (idx = 0; idx < svsp->bank_max; idx++) {
svsb = &svsp->banks[idx];
WARN(!svsb, "%s: svsb(%s) is null", __func__, svsb->name);
spin_lock_irqsave(&svs_lock, flags);
svsp->pbank = svsb;

If svsb is null, then the WARN message will dereference it when printing svsb->name. Also, subsequent dereferences to sbsv will cause a null pointer dereference, for example the svsp->pbank assignment.

Colin

Next message: Kefeng Wang: "Re: [PATCH 5/5] arm64: kdump: Don't defer the reservation of crash high memory"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 03/14] ARM: dts: qcom: use generic sram as name for imem and ocmem nodes"
Next in thread: Matthias Brugger: "Re: soc: mediatek: SVS: introduce MTK SVS engine"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]