[PATCH] drivers: video: fbcon: fix NULL dereference in fbcon_cursor()

Du Cheng ducheng2 at gmail.com
Fri Mar 12 09:13:02 UTC 2021


On Fri, Mar 12, 2021 at 09:36:42AM +0100, Greg Kroah-Hartman wrote:
> On Fri, Mar 12, 2021 at 04:14:21PM +0800, Du Cheng wrote:
> > add null-check on function pointer before dereference on ops->cursor
> > 
> > Reported-by: syzbot+b67aaae8d3a927f68d20 at syzkaller.appspotmail.com
> > Signed-off-by: Du Cheng <ducheng2 at gmail.com>
> > ---
> >  drivers/video/fbdev/core/fbcon.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
> > index 44a5cd2f54cc..3406067985b1 100644
> > --- a/drivers/video/fbdev/core/fbcon.c
> > +++ b/drivers/video/fbdev/core/fbcon.c
> > @@ -1333,6 +1333,9 @@ static void fbcon_cursor(struct vc_data *vc, int mode)
> >  
> >  	ops->cursor_flash = (mode == CM_ERASE) ? 0 : 1;
> >  
> > +	if (!ops->cursor)
> > +		return;
> > +
> >  	ops->cursor(vc, info, mode, get_color(vc, info, c, 1),
> >  		    get_color(vc, info, c, 0));
> >  }
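Review bot: The `if (!ops->cursor)` early return sits after the `ops->cursor_flash = ...` assignment, so on the NULL path the flash state is still updated even though nothing is drawn. Either move the check above that assignment or state in the changelog that updating the state without drawing is intended. The changelog also does not say how `ops->cursor` can be NULL by the time fbcon_cursor() runs, so from these lines it is not possible to tell whether returning silently is the right fix or whether it hides a missing initialization elsewhere. A sentence describing the path syzbot hit, plus a short comment above the check, would settle that.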
> > -- 
> > 2.27.0
> > 
> 
> Is this the same issue reported here:
> 	https://lore.kernel.org/r/20210307105642.112572-1-h.shahbazi.git@gmail.com
> 
> And has syzbot testing shown that this fix does solve the issue?
> 
> thanks,
> 
> greg k-h

Hi Greg,

I sent both my patch and that of shahbazi to syzbot to see if they resolve the
bug by the id b67aaae8d3a927f68d20.

I will keep you posted on the outcomes.

Regards,
Du Cheng

