[v2] media: vidtv: fix general protection fault in vidtv_psi_ts_psi_write_into

[PATCH] [PATCH v2] media: vidtv: fix general protection fault in vidtv_psi_ts_psi_write_into

Posted by Soham Kute 21 hours ago

Add defensive validation for psi_write_args pointers to avoid
null pointer dereference reported by syzbot.

Reported-by: syzbot+814c351d094f41a1b86@syzkaller.appspotmail.com

Signed-off-by: Soham Kute <officialsohamkute@gmail.com>
---
 drivers/media/test-drivers/vidtv/vidtv_psi.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/media/test-drivers/vidtv/vidtv_psi.c b/drivers/media/test-drivers/vidtv/vidtv_psi.c
index 2a51c898c..bac0ea03b 100644
--- a/drivers/media/test-drivers/vidtv/vidtv_psi.c
+++ b/drivers/media/test-drivers/vidtv/vidtv_psi.c
@@ -156,7 +156,13 @@ static void vidtv_psi_set_sec_len(struct vidtv_psi_table_header *h, u16 new_len)
  * add stuffing (i.e. padding bytes) after the CRC
  */
 static u32 vidtv_psi_ts_psi_write_into(struct psi_write_args *args)
-{
+{	
+	if (!args || !args->dest_buf || !args->from ||
+	    !args->continuity_counter) {
+		pr_warn_once("%s: invalid write arguments\n", __func__);
+		return 0;
+	}
+
 	struct vidtv_mpeg_ts ts_header = {
 		.sync_byte = TS_SYNC_BYTE,
 		.bitfield = cpu_to_be16((args->new_psi_section << 14) | args->pid),
-- 
2.34.1

Re: [PATCH] [PATCH v2] media: vidtv: fix general protection fault in vidtv_psi_ts_psi_write_into

Posted by syzbot 21 hours ago

> Add defensive validation for psi_write_args pointers to avoid
> null pointer dereference reported by syzbot.
>
> Reported-by: syzbot+814c351d094f41a1b86@syzkaller.appspotmail.com
>
> Signed-off-by: Soham Kute <officialsohamkute@gmail.com>
> ---
>  drivers/media/test-drivers/vidtv/vidtv_psi.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/media/test-drivers/vidtv/vidtv_psi.c b/drivers/media/test-drivers/vidtv/vidtv_psi.c
> index 2a51c898c..bac0ea03b 100644
> --- a/drivers/media/test-drivers/vidtv/vidtv_psi.c
> +++ b/drivers/media/test-drivers/vidtv/vidtv_psi.c
> @@ -156,7 +156,13 @@ static void vidtv_psi_set_sec_len(struct vidtv_psi_table_header *h, u16 new_len)
>   * add stuffing (i.e. padding bytes) after the CRC
>   */
>  static u32 vidtv_psi_ts_psi_write_into(struct psi_write_args *args)
> -{
> +{	
> +	if (!args || !args->dest_buf || !args->from ||
> +	    !args->continuity_counter) {
> +		pr_warn_once("%s: invalid write arguments\n", __func__);
> +		return 0;
> +	}
> +
>  	struct vidtv_mpeg_ts ts_header = {
>  		.sync_byte = TS_SYNC_BYTE,
>  		.bitfield = cpu_to_be16((args->new_psi_section << 14) | args->pid),
> -- 
> 2.34.1
>

I see the command but can't find the corresponding bug.
The email is sent to  syzbot+HASH@syzkaller.appspotmail.com address
but the HASH does not correspond to any known bug.
Please double check the address.