mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-14 13:36:48 +07:00
c7a1914640
The syzbot fuzzer found two invalid-access bugs in the usbvision driver. These bugs occur when userspace keeps the device file open after the device has been disconnected and usbvision_disconnect() has set usbvision->dev to NULL:

When the device file is closed, usbvision_radio_close() tries to issue a usb_set_interface() call, passing the NULL pointer as its first argument.

If userspace performs a querycap ioctl call, vidioc_querycap() calls usb_make_path() with the same NULL pointer.

This patch fixes the problems by making the appropriate tests beforehand. Note that vidioc_querycap() is protected by usbvision->v4l2_lock, acquired in a higher layer of the V4L2 subsystem.

Reported-and-tested-by: syzbot+7fa38a608b1075dfd634@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
||
---|---|---|
.. | ||
airspy | ||
as102 | ||
au0828 | ||
b2c2 | ||
cpia2 | ||
cx231xx | ||
dvb-usb | ||
dvb-usb-v2 | ||
em28xx | ||
go7007 | ||
gspca | ||
hackrf | ||
hdpvr | ||
msi2500 | ||
pulse8-cec | ||
pvrusb2 | ||
pwc | ||
rainshadow-cec | ||
s2255 | ||
siano | ||
stk1160 | ||
stkwebcam | ||
tm6000 | ||
ttusb-budget | ||
ttusb-dec | ||
usbtv | ||
usbvision | ||
uvc | ||
zr364xx | ||
Kconfig | ||
Makefile |