drivers/media/test-drivers/vidtv/vidtv_psi.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
Add defensive validation for psi_write_args pointers to avoid
null pointer dereference reported by syzbot.
Reported-by: syzbot+814c351d094f41a1b86@syzkaller.appspotmail.com
Signed-off-by: Soham Kute <officialsohamkute@gmail.com>
---
drivers/media/test-drivers/vidtv/vidtv_psi.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/media/test-drivers/vidtv/vidtv_psi.c b/drivers/media/test-drivers/vidtv/vidtv_psi.c
index 2a51c898c..bac0ea03b 100644
--- a/drivers/media/test-drivers/vidtv/vidtv_psi.c
+++ b/drivers/media/test-drivers/vidtv/vidtv_psi.c
@@ -156,7 +156,13 @@ static void vidtv_psi_set_sec_len(struct vidtv_psi_table_header *h, u16 new_len)
* add stuffing (i.e. padding bytes) after the CRC
*/
static u32 vidtv_psi_ts_psi_write_into(struct psi_write_args *args)
-{
+{
+ if (!args || !args->dest_buf || !args->from ||
+ !args->continuity_counter) {
+ pr_warn_once("%s: invalid write arguments\n", __func__);
+ return 0;
+ }
+
struct vidtv_mpeg_ts ts_header = {
.sync_byte = TS_SYNC_BYTE,
.bitfield = cpu_to_be16((args->new_psi_section << 14) | args->pid),
--
2.34.1> Add defensive validation for psi_write_args pointers to avoid
> null pointer dereference reported by syzbot.
>
> Reported-by: syzbot+814c351d094f41a1b86@syzkaller.appspotmail.com
>
> Signed-off-by: Soham Kute <officialsohamkute@gmail.com>
> ---
> drivers/media/test-drivers/vidtv/vidtv_psi.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/media/test-drivers/vidtv/vidtv_psi.c b/drivers/media/test-drivers/vidtv/vidtv_psi.c
> index 2a51c898c..bac0ea03b 100644
> --- a/drivers/media/test-drivers/vidtv/vidtv_psi.c
> +++ b/drivers/media/test-drivers/vidtv/vidtv_psi.c
> @@ -156,7 +156,13 @@ static void vidtv_psi_set_sec_len(struct vidtv_psi_table_header *h, u16 new_len)
> * add stuffing (i.e. padding bytes) after the CRC
> */
> static u32 vidtv_psi_ts_psi_write_into(struct psi_write_args *args)
> -{
> +{
> + if (!args || !args->dest_buf || !args->from ||
> + !args->continuity_counter) {
> + pr_warn_once("%s: invalid write arguments\n", __func__);
> + return 0;
> + }
> +
> struct vidtv_mpeg_ts ts_header = {
> .sync_byte = TS_SYNC_BYTE,
> .bitfield = cpu_to_be16((args->new_psi_section << 14) | args->pid),
> --
> 2.34.1
>
I see the command but can't find the corresponding bug.
The email is sent to syzbot+HASH@syzkaller.appspotmail.com address
but the HASH does not correspond to any known bug.
Please double check the address.
v2: resend with correct syzbot Reported-by and maintainer To: list.
On Sun, Feb 8, 2026 at 1:52 AM syzbot <syzbot@syzkaller.appspotmail.com>
wrote:
> > Add defensive validation for psi_write_args pointers to avoid
> > null pointer dereference reported by syzbot.
> >
> > Reported-by: syzbot+814c351d094f41a1b86@syzkaller.appspotmail.com
> >
> > Signed-off-by: Soham Kute <officialsohamkute@gmail.com>
> > ---
> > drivers/media/test-drivers/vidtv/vidtv_psi.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/media/test-drivers/vidtv/vidtv_psi.c
> b/drivers/media/test-drivers/vidtv/vidtv_psi.c
> > index 2a51c898c..bac0ea03b 100644
> > --- a/drivers/media/test-drivers/vidtv/vidtv_psi.c
> > +++ b/drivers/media/test-drivers/vidtv/vidtv_psi.c
> > @@ -156,7 +156,13 @@ static void vidtv_psi_set_sec_len(struct
> vidtv_psi_table_header *h, u16 new_len)
> > * add stuffing (i.e. padding bytes) after the CRC
> > */
> > static u32 vidtv_psi_ts_psi_write_into(struct psi_write_args *args)
> > -{
> > +{
> > + if (!args || !args->dest_buf || !args->from ||
> > + !args->continuity_counter) {
> > + pr_warn_once("%s: invalid write arguments\n", __func__);
> > + return 0;
> > + }
> > +
> > struct vidtv_mpeg_ts ts_header = {
> > .sync_byte = TS_SYNC_BYTE,
> > .bitfield = cpu_to_be16((args->new_psi_section << 14) |
> args->pid),
> > --
> > 2.34.1
> >
>
> I see the command but can't find the corresponding bug.
> The email is sent to syzbot+HASH@syzkaller.appspotmail.com address
> but the HASH does not correspond to any known bug.
> Please double check the address.
>
>
© 2016 - 2026 Red Hat, Inc.