From: Jia-Ju Bai <baijiaju1990@gmail.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: mathias.nyman@intel.com, linux-usb@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: usb: host: xhci_debugfs: Fix a null pointer dereference in xhci_debugfs_create_endpoint()
Date: Sat, 4 May 2019 15:30:53 +0800
Message-ID: <db68433e-d655-217a-4a73-4bb83069addc@gmail.com>

On 2019/5/4 14:33, Greg KH wrote:
> On Sat, May 04, 2019 at 11:37:48AM +0800, Jia-Ju Bai wrote:
>> In xhci_debugfs_create_slot(), kzalloc() can fail and
>> dev->debugfs_private will be NULL.
>> In xhci_debugfs_create_endpoint(), dev->debugfs_private is used without
>> any null-pointer check, and can cause a null pointer dereference.
>>
>> To fix this bug, a null-pointer check is added in
>> xhci_debugfs_create_endpoint().
>>
>> This bug is found by a runtime fuzzing tool named FIZZER written by us.
>>
>> Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
> Very rare case, but nice fix. You should put "potential" in your
> subject line as this is something that no one should ever hit :)

Okay, Greg, thanks for this advice :)

Best wishes,
Jia-Ju Bai
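
The failure mode described in the quoted commit message, as an added example that is not part of this thread or of the kernel source: a userspace C model in which an injected allocation failure leaves `debugfs_private` NULL and the endpoint step checks for it before use. The struct layouts, the `model_` functions, `MODEL_MAX_EPS` and the return codes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_MAX_EPS 31            /* model value, not taken from the thread */

/* Simplified stand-ins for the driver structures (assumed layouts). */
struct slot_priv { int ep_created[MODEL_MAX_EPS]; };
struct virt_dev  { struct slot_priv *debugfs_private; };

static bool fail_next_alloc;        /* fault-injection switch for the model */

/* Stand-in for kzalloc(): returns NULL once when a failure is injected. */
static void *model_kzalloc(size_t n)
{
    if (fail_next_alloc) {
        fail_next_alloc = false;
        return NULL;
    }
    return calloc(1, n);
}

/* Slot step: on allocation failure debugfs_private simply stays NULL. */
void model_create_slot(struct virt_dev *dev)
{
    dev->debugfs_private = model_kzalloc(sizeof(*dev->debugfs_private));
}

/* Endpoint step: 0 on success, -1 when skipped (status code is a model choice). */
int model_create_endpoint(struct virt_dev *dev, int ep_index)
{
    struct slot_priv *spriv = dev->debugfs_private;

    if (!spriv)                     /* the null-pointer check the patch describes */
        return -1;
    if (ep_index < 0 || ep_index >= MODEL_MAX_EPS)
        return -1;
    spriv->ep_created[ep_index] = 1; /* would dereference NULL without the check */
    return 0;
}

/* Run slot creation followed by endpoint creation, optionally failing the alloc. */
int run_scenario(bool inject_failure)
{
    struct virt_dev dev = { 0 };
    int rc;

    fail_next_alloc = inject_failure;
    model_create_slot(&dev);
    rc = model_create_endpoint(&dev, 2);
    free(dev.debugfs_private);
    return rc;
}

int main(void)
{
    printf("normal: %d, injected failure: %d\n",
           run_scenario(false), run_scenario(true));
    return 0;
}
```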