On Thu, Jan 08, 2026 at 04:33:51PM +0530, Chaitanya Mishra wrote:
> Hi Greg,
>
> Found by manual code review while walking the error paths in gb_lights_light_config(): channels_count is set before channels allocation, but cleanup uses channels_count to iterate and dereference light->channels. If kcalloc() fails, that becomes a NULL deref.

Might I ask why are you manually reviewing the error code paths of this driver? Do you have this hardware somewhere?

> Fix is simply deferring channels_count publication until after the allocation succeeds; v2 includes the requested comment.
>
> Tested with:
>   ./scripts/checkpatch.pl --strict -g HEAD
>   ./scripts/checkpatch.pl outgoing/0001-staging-greybus-lights-avoid-NULL-deref.patch
>
> I couldn't build-test locally on macOS due to missing <elf.h> for kernel host tools.

For obvious reasons, sending out patches that you didn't even build test is probably not a good idea :)
thanks,
greg k-h
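
The ordering problem described in the quoted report, modelled in userspace as an added example that is not part of the original mail or the driver's code. The struct layout, function names and the fault-injecting allocator are assumptions made for illustration; cleanup counts the NULL dereferences it would perform instead of performing them.

```c
/* Userspace model of the ordering bug described in the thread.
 * All names are hypothetical; this is not the greybus driver source. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

struct channel { int id; };

struct light {
    size_t channels_count;
    struct channel *channels;
};

/* Constructed allocator with fault injection, standing in for kcalloc(). */
static void *model_calloc(size_t n, size_t size, bool fail)
{
    return fail ? NULL : calloc(n, size);
}

/* Before: the count is published first, so a failed allocation leaves
 * channels_count > 0 alongside channels == NULL. */
static int config_before(struct light *l, size_t count, bool fail)
{
    l->channels_count = count;
    l->channels = model_calloc(count, sizeof(*l->channels), fail);
    return l->channels ? 0 : -1;
}

/* After: the count is published only once the array exists. */
static int config_after(struct light *l, size_t count, bool fail)
{
    l->channels = model_calloc(count, sizeof(*l->channels), fail);
    if (!l->channels)
        return -1;
    l->channels_count = count;
    return 0;
}

/* Cleanup walks channels_count entries. Returns how many of those
 * iterations would have dereferenced a NULL array. */
static size_t cleanup_null_derefs(struct light *l)
{
    size_t bad = 0;
    for (size_t i = 0; i < l->channels_count; i++)
        if (!l->channels)
            bad++; /* real cleanup would touch l->channels[i] here */
    free(l->channels);
    l->channels = NULL;
    l->channels_count = 0;
    return bad;
}
```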