Re: usb/media/cx231xx: null-ptr-deref in cx231xx_usb_probe

From: Johan Hovold
Date: Thu Sep 21 2017 - 04:37:49 EST


On Wed, Sep 20, 2017 at 08:54:08PM +0200, Andrey Konovalov wrote:
> Hi!
>
> I've got the following report while fuzzing the kernel with syzkaller.
>
> On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
>
> The null-ptr-deref happens on assoc_desc->bFirstInterface, where
> assoc_desc = udev->actconfig->intf_assoc[0]. There seems to be no
> check that the device actually contains an Interface Association
> Descriptor.

That is indeed a bug; I'll respond to this mail with a fix.

Thanks,
Johan