is that we end up processing the buffer overflow over and
over again because the bit is never cleared. Resulting in a random system
lockup because of an infinite loop in an interrupt handler.
Signed-off-by: Defang Bo
---
Changes since v1:
- Modify the subject and replace the wrong register.
---
-
there should be a check for rc to prevent null pointer
dereference.
..
Signed-off-by: Defang Bo
---
Changes since v2:
- Resend this patch with manual reformatted.
Changes singe v1:
- More accurate description for this patch to describe how the NULL can get
there.
---
..
---
fs/btrfs/
is that we end up processing the buffer overflow over and
over again because the bit is never cleared. Resulting in a random system
lockup because of an infinite loop in an interrupt handler.
Signed-off-by: Defang Bo
---
Changes since v1:
- Modify the code and correct the wrong fix.
---
---
driv
that we end up processing the buffer overflow over and
over again because the bit is never cleared. Resulting in a random system
lockup because of an infinite loop in an interrupt handler.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 37 +-
is that we end up processing the buffer overflow over and
over again because the bit is never cleared. Resulting in a random system
lockup because of an infinite loop in an interrupt handler.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 35 ++--
that we end up processing the buffer overflow over and
over again because the bit is never cleared. Resulting in a random system
lockup because of an infinite loop in an interrupt handler.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/amd/amdgpu/cz_ih.c | 39 ---
Similar to commit<1bd54d851f50>("kgdboc: Passing ekgdboc to command line causes
panic"),
kgdbts_option_setup does not check input argument before passing it to strlen.
The argument would be a NULL pointer.
Signed-off-by: Defang Bo
---
drivers/misc/kgdbts.c | 5 +
1
nders the system unusable.
[How]
Fix this by erroring out if an error is detected.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/ast/ast_post.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/ast/ast_post.c b/drivers/gpu/drm/ast/ast_post.c
index 8902c2f
Similar to commit<1bd54d851f50>(("kgdboc: Passing ekgdboc to command line
causes panic"),
kgdbts_option_setup does not check input argument before passing it to strlen.
The argument would be a NULL pointer.
Signed-off-by: Defang Bo
---
drivers/misc/kgdbts.c | 5 +
1
he unnecessary checks in label fail.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/omapdrm/omap_fbdev.c | 10 ++
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/omapdrm/omap_fbdev.c
b/drivers/gpu/drm/omapdrm/omap_fbdev.c
index 3f6cfc2..7ba07c8 100644
--- a/dr
Similar to commit<70de2cbda8a5>("dm thin: add sanity checks
to thin-pool and external snapshot creation"),there should be a check
for argc and argv to prevent Null pointer dereferencing when the dm_get_device
invoked twice on the same device path with differnt mode.
Signed-o
[Why]
Similar to commit("drm/amd/display: Guard against null crtc in
CRC IRQ"), a null pointer deference can occur if crtc is null in
dm_set_vblank.
[How]
Check that CRTC is non-null before accessing its fields.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/amd/display/amdgpu_dm/a
Similar to commit<0dc294f717d4>("powerpc/mm: bail out early when flushing TLB
page"),
there should be a check for 'mm' to prevent Null pointer dereference
in case of 'mm' argument was legitimately passed.
Signed-off-by: Defang Bo
---
arch/powerpc/mm/n
Similar to commit<742859adc721>("m68k: let clk_disable() return immediately if
clk is NULL").
there should be a check for clk to prevent NULL pointer dereference.
Signed-off-by: Defang Bo
---
arch/m68k/coldfire/clk.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ar
Similar to commmit<389305b2>, it turns out that fs_info::reloc_ctl can be NULL ,
so there should be a check for rc to prevent null pointer dereference.
Signed-off-by: Defang Bo
---
fs/btrfs/relocation.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/fs/btrfs/relocation.c b/fs
ion of the skb and data
is read outside of it.
Signed-off-by: Defang Bo
---
net/ipv6/mip6.c | 24 +++-
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index 878fcec..adf984c 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@
Similar to commit<124751d5e>, there should be a check for urb before kill it.
Signed-off-by: Defang Bo
---
sound/usb/mixer.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c
index 81e987e..0223ef3 100644
--- a/sound/usb/m
There should be a check for clk to prevent NULL pointer dereference.
Signed-off-by: Defang Bo
---
arch/m68k/coldfire/clk.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/m68k/coldfire/clk.c b/arch/m68k/coldfire/clk.c
index 7bc666e..cf1ed97 100644
--- a/arch/m68k/coldfire/clk.c
Similar to commit<1bd54d85>,kgdbts_option_setup does not check input argument
before passing it to strlen. The argument would be a NULL pointer.
Signed-off-by: Defang Bo
---
drivers/misc/kgdbts.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/misc/kgdbts.c b/driver
[Why]
Similar to commit<0fa375e6>. If amdgpu_switcheroo_can_switch access
the drm_device when dev is not bound, a null pointer dereference can happen.
[How]
Add sanity checks to prevent it.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +++
1 file chan
[Why]
Similar to commit<0fa375e6>. If the set_state/can_switch code access the
drm_device when dev is not bound,
a null pointer dereference can happen.
[How]
Add sanity checks to prevent it.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/radeon/radeon_device.c | 6 ++
1 file chan
[Why]
Similar to commit("drm/amd/display: Guard against null crtc in CRC
IRQ"),
a null pointer deference can occur if crtc is null in
dm_set_vblank.
[How]
Check that CRTC is non-null before accessing its fields.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/amd/display/amdgpu_dm/a
Similar to commit<0dc294f7>, there should be a check for 'mm' to prevent Null
pointer dereference in case of 'mm' argument was legitimately passed.
Signed-off-by: Defang Bo
---
arch/powerpc/mm/nohash/tlb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch
ror is detected.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/ast/ast_post.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/ast/ast_post.c b/drivers/gpu/drm/ast/ast_post.c
index ef19c70..86e4d23 100644
--- a/drivers/gpu/drm/ast/ast_post.c
+++ b/drivers/gpu/d
ror is detected.
Signed-off-by: Defang Bo
---
drivers/gpu/drm/ast/ast_post.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/ast/ast_post.c b/drivers/gpu/drm/ast/ast_post.c
index 8902c2f..ef19c70 100644
--- a/drivers/gpu/drm/ast/ast_post.c
+++ b/drivers/g
Similar to commit<70de2cbd>,there should be a check for argc and argv to
prevent Null pointer dereferencing
when the dm_get_device invoked twice on the same device path with differnt mode.
Signed-off-by: Defang Bo
---
drivers/md/dm-snap.c | 7 +++
1 file changed, 7 insertions(+)
Similar to commit<1b0ff89852d7>("tg3: Avoid NULL pointer dereference in
tg3_io_error_detected()")
This patch avoids NULL pointer dereference add a check for netdev being NULL on
tg3_resume().
Signed-off-by: Defang Bo
---
drivers/net/ethernet/broadcom/tg3.c | 2 +-
1 file chan
Just as the commit <4cb79ef9c6c4>("ASoC: amd: Fix potential NULL pointer
dereference"),it makes no sense to allocate any resources if
platform_get_resource fails,so move the call to devm_kzalloc() below the
mentioned code.
Signed-off-by: Defang Bo
---
sound/soc/amd/raven
Similar to commit<1b0ff89852d7>("tg3: Avoid NULL pointer dereference in
tg3_io_error_detected()")
This patch avoids NULL pointer dereference add a check for netdev being NULL on
tg3_resume().
Signed-off-by: Defang Bo
---
drivers/net/ethernet/broadcom/tg3.c | 2 +-
1 file chan
Just as the commit <4cb79ef9c6c4>("ASoC: amd: Fix potential NULL pointer
dereference"),it makes no sense to allocate any resources if
platform_get_resource fails,so move the call to devm_kzalloc() below the
mentioned code.
Signed-off-by: Defang Bo
---
sound/soc/amd/raven
Similar to commit<05829d9431df>("cpufreq: ti-cpufreq: kfree opp_data when
failure"), opp_data needs to be freed when failure, including fail_put_node.
Signed-off-by: Defang Bo
---
drivers/cpufreq/ti-cpufreq.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff
Just as the commit <4cb79ef9c6c4>("ASoC: amd: Fix potential NULL pointer
dereference"),it makes no sense to allocate any resources if res =
platform_get_resource(pdev, IORESOURCE_MEM, 0); fails,so move the call to
devm_kzalloc() below the mentioned code.
Signed-off-by: Defan
commit
("nfc: Ensure presence of required attributes in the
activate_target handler").
Signed-off-by: Defang Bo
---
net/nfc/netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index e894254..8709f3d 100644
--- a/net/nfc
Similar to commit<1b0ff89852d7>("tg3: Avoid NULL pointer dereference in
tg3_io_error_detected()")
This patch avoids NULL pointer dereference add a check for netdev being NULL on
tg3_resume().
Signed-off-by: Defang Bo
---
drivers/net/ethernet/broadcom/tg3.c | 2 +-
1 file chan
Similar to commit("media: v4l2-compat-ioctl32: prevent go past
max size"} ,add max size check for count variable.
Signed-off-by: Defang Bo
---
drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/v4l2-core/v
In SMB2_open_init() , if smb2_plain_req_init() fails, then the memory assigned
to req will be leaked. It's similar to SMB2_open() which is fixed by the commit
("cifs: fix memory leak in SMB2_open()").
Signed-off-by: Defang Bo
---
fs/cifs/smb2pdu.c | 5 +++--
1 file change
From: estherbdf <603571...@qq.com>
[Why] the func bios_parser_get_src_obj () is similar to
bios_parser_get_dst_obj () which is fixed by the
commit("drm/amd/display: Banch of smatch error and warning fixes
in DC").
the symbol 'id' is uninitialized and it is not checked before dereference
it,m
37 matches
Mail list logo
