git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Wang Hai <wanghai38@huawei.com>
	Tue, 26 Oct 2021 11:23:48 +0000 (13:23 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 27 Jan 2022 07:47:34 +0000 (08:47 +0100)
commit	e762f10941da2ccec13b47a4eb06aec674172e34
tree	2ec068a061f53a1e7576218aa5027c9ceb197906	tree \| snapshot
parent	6a842bf586f19d5eec5679d355dc519605ebf130	commit \| diff

media: msi001: fix possible null-ptr-deref in msi001_probe()

[ Upstream commit 3d5831a40d3464eea158180eb12cbd81c5edfb6a ]

I got a null-ptr-deref report:

BUG: kernel NULL pointer dereference, address: 0000000000000060
...
RIP: 0010:v4l2_ctrl_auto_cluster+0x57/0x270
...
Call Trace:
msi001_probe+0x13b/0x24b [msi001]
spi_probe+0xeb/0x130
...
do_syscall_64+0x35/0xb0

In msi001_probe(), if the creation of control for bandwidth_auto
fails, there will be a null-ptr-deref issue when it is used in
v4l2_ctrl_auto_cluster().

Check dev->hdl.error before v4l2_ctrl_auto_cluster() to fix this bug.

Link: https://lore.kernel.org/linux-media/20211026112348.2878040-1-wanghai38@huawei.com
Fixes: 93203dd6c7c4 ("[media] msi001: Mirics MSi001 silicon tuner driver")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>