[PATCH v2] fbcon: Fix a NULL pointer dereference issue in fbcon_putcs

From: Qianqiang Liu
Date: Tue Sep 24 2024 - 12:14:05 EST

Next message: Jarkko Sakkinen: "Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open"
Previous message: Jarkko Sakkinen: "Re: [PATCH v5 4/5] tpm: Allocate chip->auth in tpm2_start_auth_session()"
Next in thread: Helge Deller: "Re: [PATCH v2] fbcon: Fix a NULL pointer dereference issue in fbcon_putcs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

syzbot has found a NULL pointer dereference bug in fbcon.

This issue is caused by ops->putcs being a NULL pointer.
We need to ensure it is initialized properly.

Reported-by: syzbot+3d613ae53c031502687a@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=3d613ae53c031502687a
Tested-by: syzbot+3d613ae53c031502687a@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Qianqiang Liu <qianqiang.liu@xxxxxxx>
---
Changes since v1:
- Initialize ops->putcs by calling set_blitting_type()
---
drivers/video/fbdev/core/fbcon.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index 2e093535884b..d9abae2516d8 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -861,6 +861,8 @@ static int set_con2fb_map(int unit, int newidx, int user)
return err;

fbcon_add_cursor_work(info);
+ } else if (vc) {
+ set_blitting_type(vc, info);
}

con2fb_map[unit] = newidx;
--
2.34.1

Next message: Jarkko Sakkinen: "Re: [PATCH v5 5/5] tpm: flush the auth session only when /dev/tpm0 is open"
Previous message: Jarkko Sakkinen: "Re: [PATCH v5 4/5] tpm: Allocate chip->auth in tpm2_start_auth_session()"
Next in thread: Helge Deller: "Re: [PATCH v2] fbcon: Fix a NULL pointer dereference issue in fbcon_putcs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]