On Fri, Jan 9, 2026 at 12:18 PM Warner Losh <[email protected]> wrote: > > The branch main has been updated by imp: > > URL: > https://cgit.FreeBSD.org/src/commit/?id=7631790422464de1aec309018e2c444defe5f629 > > commit 7631790422464de1aec309018e2c444defe5f629 > Author: Jack Bendtsen <[email protected]> > AuthorDate: 2025-06-19 07:40:31 +0000 > Commit: Warner Losh <[email protected]> > CommitDate: 2026-01-09 20:17:13 +0000 > > Fix NULL deref segfault in bhyve's usb_mouse.c > > Some of the cases inside umouse_request() (usr.sbin/bhyve/usb_mouse.c) > use the data component of an event, while only partially checking if > it's NULL. 'data' has a NULL check, but then 'data' is immediately > deferenced anyway after the check regardless of if it's NULL or not.
The SmartOS/Illumos folks ran into this issue a bit ago and fixed their version of bhyve differently (https://www.illumos.org/issues/17784). This has been on my to-do list, but it didn't make it to the top before this (point hat: chuck@). Any concerns or objections to my committing https://reviews.freebsd.org/D54661 to minimize our diffs with SmartOS/illumos? --chuck
