Dan Carpenter <dan.carpenter@linaro.org> writes:
Hi Dan,
On Fri, Mar 01, 2024 at 02:04:24PM -0500, Mikhail Lobanov wrote:
Dereference of null pointer in the __gb_lights_flash_brightness_set function. Assigning the channel the result of executing the get_channel_from_mode function without checking for NULL may result in an error.
get_channel_from_mode() can only return NULL when light->channels_count is zero.
Although get_channel_from_mode() seems buggy to me. If it can't find the correct mode, it just returns the last channel. So potentially it should be made to return NULL.
Correct, thanks for the fix. Will you or I send a proper patch for this, also taking the suggestion from Alex?
Thanks in advance.
Cheers, Rui
diff --git a/drivers/staging/greybus/light.c b/drivers/staging/greybus/light.c index d62f97249aca..acd435f5d25d 100644 --- a/drivers/staging/greybus/light.c +++ b/drivers/staging/greybus/light.c @@ -95,15 +95,15 @@ static struct led_classdev *get_channel_cdev(struct gb_channel *channel) static struct gb_channel *get_channel_from_mode(struct gb_light *light, u32 mode) {
- struct gb_channel *channel = NULL;
- struct gb_channel *channel; int i;
for (i = 0; i < light->channels_count; i++) { channel = &light->channels[i]; if (channel && channel->mode == mode)
break;
}return channel;
- return channel;
- return NULL;
} static int __gb_lights_flash_intensity_set(struct gb_channel *channel,
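Review bot: once get_channel_from_mode() ends in `return NULL;`, a mode that matches no channel yields NULL instead of the last channel, so every caller has to check the result before dereferencing it, and this hunk touches no caller. The thread names __gb_lights_flash_brightness_set() as one that assigns the return value without a NULL check; that check should go into the same patch or a companion one, otherwise the change turns a wrong-channel result into a NULL dereference. Separately, in the loop the `channel &&` part of `if (channel && channel->mode == mode)` is redundant for a pointer formed as `&light->channels[i]` over a valid array and could be dropped while this function is being reworked.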