On Tue, Jun 21, 2022 at 10:36:04PM +0800, Dongliang Mu wrote:
> Hi maintainers,
>
> I would like to send one bug report.
>
> In gb_bootrom_get_firmware, if the first branch is satisfied, it will go to queue_work, leading to the dereference of uninitialized const variable "fw". If the second branch is satisfied, it will go to unlock with fw as NULL pointer, leading to a NULL Pointer Dereference.
>
> The Fixes commit should be [1], introducing the dereference of "fw" in the error handling code.
>
> I am not sure how to fix this bug. Any comment on removing the dereference of fw?

As Johan said, please fix up your tool that found this, it is not working properly.
thanks,
greg k-h