Re: [PATCH] fix NULL pointer deference crash

Wed, 31 Mar 2021 13:03:55 -0700 

Hi Hassan,

url:    
https://github.com/0day-ci/linux/commits/Hassan-Shahbazi/fix-NULL-pointer-deference-crash/20210401-004543
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 
5e46d1b78a03d52306f21f77a4e4a144b6d31486
config: x86_64-randconfig-m001-20210330 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <l...@intel.com>
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>

New smatch warnings:
drivers/video/fbdev/core/fbcon.c:1336 fbcon_cursor() warn: variable 
dereferenced before check 'ops' (see line 1324)

Old smatch warnings:
drivers/video/fbdev/core/fbcon.c:3028 fbcon_get_con2fb_map_ioctl() warn: 
potential spectre issue 'con2fb_map' [r]

vim +/ops +1336 drivers/video/fbdev/core/fbcon.c

^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1318  static void fbcon_cursor(struct vc_data *vc, int mode)
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1319  {
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1320    struct fb_info *info = registered_fb[con2fb_map[vc->vc_num]];
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1321    struct fbcon_ops *ops = info->fbcon_par;
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1322    int c = scr_readw((u16 *) vc->vc_pos);
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1323  
2a17d7e80f1df44 drivers/video/console/fbcon.c    Scot Doyle         2015-08-04 
@1324    ops->cur_blink_jiffies = msecs_to_jiffies(vc->vc_cur_blink_ms);
2a17d7e80f1df44 drivers/video/console/fbcon.c    Scot Doyle         2015-08-04  
1325  
d1e2306681ad3cb drivers/video/console/fbcon.c    Michal Januszewski 2007-05-08  
1326    if (fbcon_is_inactive(vc, info) || vc->vc_deccm != 1)
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1327            return;
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1328  
c0e4b3ad67997a6 drivers/video/fbdev/core/fbcon.c Jiri Slaby         2020-06-15  
1329    if (vc->vc_cursor_type & CUR_SW)
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  
1330            fbcon_del_cursor_timer(info);
a5edce421848442 drivers/video/console/fbcon.c    Thierry Reding     2015-05-21  
1331    else
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  
1332            fbcon_add_cursor_timer(info);
acba9cd01974353 drivers/video/console/fbcon.c    Antonino A. Daplas 2007-07-17  
1333  
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1334    ops->cursor_flash = (mode == CM_ERASE) ? 0 : 1;
                                                                                
        ^^^^^^^^^^^^^^^^^
Dereferenced

^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1335  
1d73453653c6d4f drivers/video/fbdev/core/fbcon.c Hassan Shahbazi    2021-03-31 
@1336    if (ops && ops->cursor)
                                                                                
            ^^^
Checked too late

06a0df4d1b8b13b drivers/video/fbdev/core/fbcon.c Linus Torvalds     2020-09-08  
1337            ops->cursor(vc, info, mode, get_color(vc, info, c, 1),
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1338                            get_color(vc, info, c, 0));
^1da177e4c3f415 drivers/video/console/fbcon.c    Linus Torvalds     2005-04-16  
1339  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-...@lists.01.org

Attachment: .config.gz
Description: application/gzip

Reply via email to