Re: [PATCH] [PATCH v2] media: vidtv: fix general protection fault in vidtv_psi_ts_psi_write_into

From: Hans Verkuil

Date: Mon Mar 16 2026 - 09:41:45 EST


Hi Soham,

On 07/02/2026 21:39, Soham Kute wrote:
> Add defensive validation for psi_write_args pointers to avoid
> null pointer dereference reported by syzbot.
>
> Reported-by: syzbot+814c351d094f41a1b86@xxxxxxxxxxxxxxxxxxxxxxxxx

I can't find any report with this hash from syzbot.

Can you point me to the correct syzbot report?

>
> Signed-off-by: Soham Kute <officialsohamkute@xxxxxxxxx>
> ---
> drivers/media/test-drivers/vidtv/vidtv_psi.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/media/test-drivers/vidtv/vidtv_psi.c b/drivers/media/test-drivers/vidtv/vidtv_psi.c
> index 2a51c898c..bac0ea03b 100644
> --- a/drivers/media/test-drivers/vidtv/vidtv_psi.c
> +++ b/drivers/media/test-drivers/vidtv/vidtv_psi.c
> @@ -156,7 +156,13 @@ static void vidtv_psi_set_sec_len(struct vidtv_psi_table_header *h, u16 new_len)
> * add stuffing (i.e. padding bytes) after the CRC
> */
> static u32 vidtv_psi_ts_psi_write_into(struct psi_write_args *args)
> -{
> +{
> + if (!args || !args->dest_buf || !args->from ||
> + !args->continuity_counter) {
> + pr_warn_once("%s: invalid write arguments\n", __func__);
> + return 0;
> + }

I'm fairly certain you paper over the real bug, which is somewhere else.

The question is where the NULL pointer is exactly and why it is NULL.

Without the syzbot report I have no idea.

Regards,

Hans

> +
> struct vidtv_mpeg_ts ts_header = {
> .sync_byte = TS_SYNC_BYTE,
> .bitfield = cpu_to_be16((args->new_psi_section << 14) | args->pid),
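
Review bot: the added NULL check at the top of vidtv_psi_ts_psi_write_into() sits ahead of the `struct vidtv_mpeg_ts ts_header = {` declaration, so the function now mixes a statement in before its declarations. The `ts_header` initializer itself reads `args->new_psi_section` and `args->pid`, so the declaration cannot simply be moved back above the check. Either declare `ts_header` without that initializer and fill it in after the validation, or validate in the caller. The `-{` / `+{` pair is a whitespace-only change and should be dropped from the patch. Returning 0 after `pr_warn_once()` also gives no indication of which of the four pointers was NULL; the changelog should name the pointer that was NULL and the caller that passed it, so the fix can be made at that call site.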