linux/drivers/media
Zhou Qingyang 3af86b0469 media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
In hexium_attach(dev, info), saa7146_vv_init() is called to allocate
a new memory for dev->vv_data. saa7146_vv_release() will be called on
failure of saa7146_register_device(). There is a dereference of
dev->vv_data in saa7146_vv_release(), which could lead to a NULL
pointer dereference on failure of saa7146_vv_init().

Fix this bug by adding a check of saa7146_vv_init().

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_VIDEO_HEXIUM_GEMINI=m show no new warnings,
and our static analyzer no longer warns about this code.

Link: https://lore.kernel.org/linux-media/20211203154030.111210-1-zhou1615@umn.edu
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
2021-12-14 15:09:14 +01:00
..
cec media: cec: fix a deadlock situation 2021-12-07 11:29:56 +01:00
common media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() 2021-12-14 15:09:14 +01:00
dvb-core media: dvb-core: dvb_frontend: address some clang warnings 2021-11-29 10:15:04 +01:00
dvb-frontends media: media si2168: Fix spelling mistake "previsously" -> "previously" 2021-12-07 11:29:57 +01:00
firewire media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() 2021-09-30 10:07:54 +02:00
i2c media: i2c: max9286: Get rid of duplicate of_node assignment 2021-12-14 15:09:13 +01:00
mc media: mc: mc-entity.c: Use bitmap_zalloc() when applicable 2021-12-14 15:09:14 +01:00
mmc
pci media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() 2021-12-14 15:09:14 +01:00
platform media: rockchip: rkisp1: use device name for debugfs subdir name 2021-12-14 15:09:14 +01:00
radio media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() 2021-11-30 12:00:53 +01:00
rc media: streamzap: remove redundant gap calculations 2021-12-14 15:09:13 +01:00
spi media: cxd2880: Eliminate dead code 2021-12-07 11:29:57 +01:00
test-drivers media: replace setting of bytesused with vb2_set_plane_payload 2021-12-07 11:29:56 +01:00
tuners media: msi001: fix possible null-ptr-deref in msi001_probe() 2021-12-14 15:09:14 +01:00
usb media: dw2102: Fix use after free 2021-12-14 15:09:14 +01:00
v4l2-core Linux 5.16-rc4 2021-12-07 11:29:41 +01:00
Kconfig media: correct MEDIA_TEST_SUPPORT help text 2021-11-15 08:12:06 +00:00
Makefile