mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/drivers/staging
History
Zhipeng Lu 69b27ff82f media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries 
[ Upstream commit 3b621e9e9e ]

The allocation failure of mycs->yuv_scaler_binary in load_video_binaries()
is followed with a dereference of mycs->yuv_scaler_binary after the
following call chain:

sh_css_pipe_load_binaries()
  |-> load_video_binaries(mycs->yuv_scaler_binary == NULL)
  |
  |-> sh_css_pipe_unload_binaries()
        |-> unload_video_binaries()

In unload_video_binaries(), it calls to ia_css_binary_unload with argument
&pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the
same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer
dereference is triggered.

Link: https://lore.kernel.org/r/20240118151303.3828292-1-alexious@zju.edu.cn

Fixes: a49d25364d ("staging/atomisp: Add support for the Intel IPU v2")
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-05-30 09:49:39 +02:00
..
axis-fifo
board
emxx_udc
fbtft Staging driver updates for 6.7-rc1 2023-11-03 15:31:04 -10:00
fieldbus staging: fieldbus: make controller_class constant 2023-10-06 15:38:17 +02:00
gdm724x staging: gdm724x: Add blank line after declaration 2023-10-21 12:00:24 +02:00
greybus staging: greybus: fix get_channel_from_mode() failure path 2024-03-26 18:17:30 -04:00
iio staging: iio: ad5933: fix type mismatch regression 2024-01-27 16:00:02 +00:00
ks7010 staging: ks7010: disable bh on tx_dev_lock 2023-10-05 09:58:12 +02:00
media media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries 2024-05-30 09:49:39 +02:00
most
nvec
octeon Revert "staging: octeon: remove typedef in enum cvmx_spi_mode_t" 2023-10-30 09:56:27 +01:00
olpc_dcon staging: olpc_dcon: Remove I2C_CLASS_DDC support 2023-10-27 13:10:05 +02:00
pi433 staging: pi433: make pi433_class constant 2023-10-06 15:38:34 +02:00
rtl8192e Staging: rtl8192e: Rename variable OpMode 2024-01-04 14:34:51 +01:00
rtl8712 staging: rtl8712: fix open parentheses alignment 2023-12-23 14:09:31 +01:00
rtl8723bs Staging driver updates for 6.7-rc1 2023-11-03 15:31:04 -10:00
rts5208 staging: rts5208: Remove macros scsi_lock(), scsi_unlock() 2023-10-15 18:20:35 +02:00
sm750fb staging/sm750fb: Initialize fb_ops with fbdev macros 2023-11-29 12:20:41 +01:00
vc04_services staging: vc04_services: fix information leak in create_component() 2024-04-03 15:32:45 +02:00
vme_user staging: vme_user: print more detailed infomation when an error occurs 2024-01-04 14:32:40 +01:00
vt6655 staging: vt6655: Type encoding info dropped from variable name "apTailTD" 2023-11-23 12:47:42 +00:00
vt6656
wlan-ng staging: wlan-ng: remove function prism2sta_ev_txexc 2023-10-17 15:43:52 +02:00
Kconfig staging: qlge: Retire the driver 2023-10-21 11:52:54 +02:00
Makefile staging: qlge: Retire the driver 2023-10-21 11:52:54 +02:00