Hi Mikhail, Thanks for your patch.
Mikhail Lobanov <m.lobanov@rosalinux.ru> writes:
Dereference of null pointer in the __gb_lights_flash_brightness_set function. Assigning the channel the result of executing the get_channel_from_mode function without checking for NULL may result in an error.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 2870b52bae4c ("greybus: lights: add lights implementation")
Signed-off-by: Mikhail Lobanov <m.lobanov@rosalinux.ru>
Yeah, at the time when this was implemented I recall that we could only set the brightness of the torch mode in a flash led, not in the flash only mode. So, if we were getting here was that for sure we had a torch channel and get_channel_from_mode will always find a channel, so never returning null here.
but yeah, this is safer. but maybe just do something like the below would be simpler: modified drivers/staging/greybus/light.c @@ -147,6 +147,9 @@ static int __gb_lights_flash_brightness_set(struct gb_channel *channel) channel = get_channel_from_mode(channel->light, GB_CHANNEL_MODE_TORCH);
+ if (!channel) + return -EINVAL; + /* For not flash we need to convert brightness to intensity */ intensity = channel->intensity_uA.min + (channel->intensity_uA.step * channel->led->brightness);
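Review bot: the new `if (!channel) return -EINVAL;` path after the `get_channel_from_mode(channel->light, GB_CHANNEL_MODE_TORCH)` lookup carries no comment saying when a torch channel can be missing. A one-line comment above the check, stating that a light without a torch channel is rejected, would explain the errno to later readers. Note also that `channel->light` is dereferenced in the lookup call before the check, so the guard covers only the lookup result and not the incoming pointer.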
what do you think?
Cheers, Rui
drivers/staging/greybus/light.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/greybus/light.c b/drivers/staging/greybus/light.c index 87d36948c610..929514350947 100644 --- a/drivers/staging/greybus/light.c +++ b/drivers/staging/greybus/light.c @@ -148,10 +148,15 @@ static int __gb_lights_flash_brightness_set(struct gb_channel *channel) GB_CHANNEL_MODE_TORCH); /* For not flash we need to convert brightness to intensity */
- intensity = channel->intensity_uA.min +
- if (channel) {
intensity = channel->intensity_uA.min + (channel->intensity_uA.step * channel->led->brightness);
- return __gb_lights_flash_intensity_set(channel, intensity);
return __gb_lights_flash_intensity_set(channel, intensity);
- }
- return 0;
} #else static struct gb_channel *get_channel_from_cdev(struct led_classdev *cdev) -- 2.43.0
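Review bot: in `__gb_lights_flash_brightness_set`, the `return 0;` reached when the `if (channel)` test fails reports success to the caller even though no intensity was set, so a missing torch channel goes unnoticed. Returning a negative errno on that path, or using an early `if (!channel) return -EINVAL;` directly after the `get_channel_from_mode` call, would surface the failure and avoid re-indenting the intensity computation inside a block. The comment "For not flash we need to convert brightness to intensity" also ends up above the `if` rather than beside the computation it describes.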