Re: [PATCH] [v2] media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries

From: Andy Shevchenko
Date: Thu Jan 18 2024 - 10:18:45 EST


On Thu, Jan 18, 2024 at 5:13 PM Zhipeng Lu <alexious@xxxxxxxxxx> wrote:
>
> The allocation failure of mycs->yuv_scaler_binary in load_video_binaries
> is followed by a dereference of mycs->yuv_scaler_binary after the
> following call chain:
>
> sh_css_pipe_load_binaries
>   |-> load_video_binaries (mycs->yuv_scaler_binary == NULL)
>   |
>   |-> sh_css_pipe_unload_binaries
>         |-> unload_video_binaries
>
> In unload_video_binaries, it calls ia_css_binary_unload with argument
> &pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the
> same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer
> dereference is triggered.

Good for me now, thank you.
Reviewed-by: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>

P.S. If needed, or Hans can do it, the references to the functions can
be amended in the commit message as we use the 'func()' format (w/o
quotes).

--
With Best Regards,
Andy Shevchenko
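
The failure pattern in the quoted commit message, as an added user-space model that is not the patch under review or any atomisp code: a load step whose allocation fails, followed by a cleanup step that walks the same array. The struct layout, the function names, the `fail_alloc` switch and the particular guard are assumptions made for illustration; the change the patch actually makes is not shown in this message.

```c
#include <stdlib.h>
#include <stddef.h>

/* Simplified stand-ins for the driver structures (assumed, not atomisp's). */
struct binary { void *blob; };
struct video_settings {
    struct binary *yuv_scaler_binary;  /* NULL when the allocation failed */
    unsigned int num_yuv_scaler;
};

/* Stand-in for ia_css_binary_unload(): it dereferences its argument. */
static void binary_unload(struct binary *b)
{
    free(b->blob);
    b->blob = NULL;
}

/* Model of the load step; fail_alloc simulates the allocation failure. */
static int load_video(struct video_settings *s, unsigned int n, int fail_alloc)
{
    s->num_yuv_scaler = n;
    s->yuv_scaler_binary = fail_alloc ? NULL
                         : calloc(n, sizeof(*s->yuv_scaler_binary));
    if (!s->yuv_scaler_binary) {
        s->num_yuv_scaler = 0;  /* keep the count consistent with the pointer */
        return -1;
    }
    return 0;
}

/* Cleanup that tolerates a partially loaded pipe; returns entries unloaded. */
static unsigned int unload_video(struct video_settings *s)
{
    unsigned int i, done = 0;

    if (s->yuv_scaler_binary) {         /* without this, &array[i] is invalid */
        for (i = 0; i < s->num_yuv_scaler; i++, done++)
            binary_unload(&s->yuv_scaler_binary[i]);
    }
    free(s->yuv_scaler_binary);
    s->yuv_scaler_binary = NULL;
    s->num_yuv_scaler = 0;
    return done;
}

/* Error path of the call chain: the load fails, the caller runs the unload. */
static unsigned int load_then_unload(unsigned int n, int fail_alloc)
{
    struct video_settings s = {0};

    load_video(&s, n, fail_alloc);
    return unload_video(&s);
}
```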