[PATCH v4] usb: gadget: g_dnl: Fix NULLPTR dereference when serial# is unset
Michael
michaelsunn101 at gmail.com
Wed Jan 29 06:31:37 CET 2025
Are there any other action items I should take care of?
On Tue, Jan 28, 2025 at 3:40 AM Mattijs Korpershoek
<mkorpershoek at baylibre.com> wrote:
>
> Hi Michael,
>
> Thank you for the patch.
>
> On Mon, Jan 27, 2025 at 21:09, Michael Ferolito <michaelsunn101 at gmail.com> wrote:
>
> > The current behaviour of this function will dereference a null pointer
> > if the serial# environment variable is unset. This was discovered on a
> > board where U-Boot did not have access to the first 256MB of RAM,
> > resulting in a board crash.
> > In the event that U-Boot has full access to memory, it will still read
> > from address 0, which is probably not optimal.
> > This simple check is enough to fix it.
> >
> > Signed-off-by: Michael Ferolito <michaelsunn101 at gmail.com>
> > Cc: Marek Vasut <marex at denx.de>
> > Cc: Heiko Schocher <hs at denx.de>
> > Cc: Kyungmin Park <kyungmin.park at samsung.com>
>
> Reviewed-by: Mattijs Korpershoek <mkorpershoek at baylibre.com>
>
> > ---
> > drivers/usb/gadget/g_dnl.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/usb/gadget/g_dnl.c b/drivers/usb/gadget/g_dnl.c
> > index 631969b340..f2540eb6de 100644
> > --- a/drivers/usb/gadget/g_dnl.c
> > +++ b/drivers/usb/gadget/g_dnl.c
> > @@ -207,7 +207,8 @@ void g_dnl_clear_detach(void)
> > static int on_serialno(const char *name, const char *value, enum env_op op,
> > int flags)
> > {
> > - g_dnl_set_serialnumber((char *)value);
> > + if (value)
> > + g_dnl_set_serialnumber((char *)value);
> > return 0;
> > }
> > U_BOOT_ENV_CALLBACK(serialno, on_serialno);
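Review bot: in on_serialno(), the new "if (value)" guard turns the NULL case into a silent no-op that still returns 0, so whatever an earlier call handed to g_dnl_set_serialnumber() stays in effect after serial# is unset. If keeping the old serial is intended, a one-line comment above the check stating that value is NULL when the variable is unset would document it. If it is not intended, the NULL branch should reset the gadget serial explicitly, or the NULL check could move into g_dnl_set_serialnumber() so any other caller is covered too. The "op" argument is still unused and could make the unset case explicit instead of inferring it from value.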
> > --
> > 2.48.1