From: Pietro Borrello borrello@diag.uniroma1.it
[ Upstream commit 27d2a2fd844ec7da70d19fabb482304fd1e0595b ]
bigben_worker() checks report_field to be non-NULL. The check has been added in commit 918aa1ef104d ("HID: bigbenff: prevent null pointer dereference") to prevent a NULL pointer crash. However, the true root cause was a missing check for output reports, patched in commit c7bf714f8755 ("HID: check empty report_list in bigben_probe()"), where the type-confused report list_entry was overlapping with a NULL pointer, which was then causing the crash.
Fixes: 918aa1ef104d ("HID: bigbenff: prevent null pointer dereference") Signed-off-by: Pietro Borrello borrello@diag.uniroma1.it Link: https://lore.kernel.org/r/20230125-hid-unregister-leds-v4-2-7860c5763c38@dia... Signed-off-by: Benjamin Tissoires benjamin.tissoires@redhat.com Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/hid/hid-bigbenff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c index ed3d2d7bc1dd4..b98c5f31c184b 100644 --- a/drivers/hid/hid-bigbenff.c +++ b/drivers/hid/hid-bigbenff.c @@ -197,7 +197,7 @@ static void bigben_worker(struct work_struct *work) u32 len; unsigned long flags;
- if (bigben->removed || !report_field) + if (bigben->removed) return;
buf = hid_alloc_report_buf(bigben->report, GFP_KERNEL);