From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nathan Chancellor Date: Tue, 09 Apr 2019 03:28:47 +0000 Subject: Re: [PATCH][next] acpi/hmat: fix uninitialized pointer dereference on pointer 'target' Message-Id: <20190409032847.GA19002@archlinux-i9> List-Id: References: <20190405141215.2079-1-colin.king@canonical.com> In-Reply-To: <20190405141215.2079-1-colin.king@canonical.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Colin King Cc: "Rafael J . Wysocki" , Len Brown , Greg Kroah-Hartman , Keith Busch , linux-acpi@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org On Fri, Apr 05, 2019 at 03:12:15PM +0100, Colin King wrote: > From: Colin Ian King > > The pointer 'target' is not initialized and is only assigned when the > ACPI_HMAT_MEMORY_PD_VALID bit in p->flags is set. There is a later null > check on target that leads to an uninitialized pointer read and > dereference when assigning target->processor_pxm when target contains a > non-null garbage value. Fix this by initializing targer to null. > > Fixes: 665ac7e92757 ("acpi/hmat: Register processor domain to its memory") > Addresses-Coverity: ("Uninitialized pointer read") > Signed-off-by: Colin Ian King Reviewed-by: Nathan Chancellor > --- > drivers/acpi/hmat/hmat.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/acpi/hmat/hmat.c b/drivers/acpi/hmat/hmat.c > index b7824a0309f7..b275016ff648 100644 > --- a/drivers/acpi/hmat/hmat.c > +++ b/drivers/acpi/hmat/hmat.c > @@ -366,7 +366,7 @@ static int __init hmat_parse_proximity_domain(union acpi_subtable_headers *heade > const unsigned long end) > { > struct acpi_hmat_proximity_domain *p = (void *)header; > - struct memory_target *target; > + struct memory_target *target = NULL; > > if (p->header.length != sizeof(*p)) { > pr_notice("HMAT: Unexpected address range header length: %d\n", > -- > 2.20.1 > From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nathan Chancellor Subject: Re: [PATCH][next] acpi/hmat: fix uninitialized pointer dereference on pointer 'target' Date: Mon, 8 Apr 2019 20:28:47 -0700 Message-ID: <20190409032847.GA19002@archlinux-i9> References: <20190405141215.2079-1-colin.king@canonical.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <20190405141215.2079-1-colin.king@canonical.com> Sender: linux-kernel-owner@vger.kernel.org To: Colin King Cc: "Rafael J . Wysocki" , Len Brown , Greg Kroah-Hartman , Keith Busch , linux-acpi@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org List-Id: linux-acpi@vger.kernel.org On Fri, Apr 05, 2019 at 03:12:15PM +0100, Colin King wrote: > From: Colin Ian King > > The pointer 'target' is not initialized and is only assigned when the > ACPI_HMAT_MEMORY_PD_VALID bit in p->flags is set. There is a later null > check on target that leads to an uninitialized pointer read and > dereference when assigning target->processor_pxm when target contains a > non-null garbage value. Fix this by initializing targer to null. > > Fixes: 665ac7e92757 ("acpi/hmat: Register processor domain to its memory") > Addresses-Coverity: ("Uninitialized pointer read") > Signed-off-by: Colin Ian King Reviewed-by: Nathan Chancellor > --- > drivers/acpi/hmat/hmat.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/acpi/hmat/hmat.c b/drivers/acpi/hmat/hmat.c > index b7824a0309f7..b275016ff648 100644 > --- a/drivers/acpi/hmat/hmat.c > +++ b/drivers/acpi/hmat/hmat.c > @@ -366,7 +366,7 @@ static int __init hmat_parse_proximity_domain(union acpi_subtable_headers *heade > const unsigned long end) > { > struct acpi_hmat_proximity_domain *p = (void *)header; > - struct memory_target *target; > + struct memory_target *target = NULL; > > if (p->header.length != sizeof(*p)) { > pr_notice("HMAT: Unexpected address range header length: %d\n", > -- > 2.20.1 >