hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB8UN5 CVE: CVE-2022-48975
--------------------------------
Commit aa1e2bfdc899 attempt to fix a CVE problem, but the patch conflicted with current version. When the patch is adapted, an error is introduced in the function of gpiochip_add_data_with_key. After the gdev is released, the gdev is still accessed, resulting in use-after-free.
The value of gdev->ngpio is assigned from gc->ngpio and is not changed during the processing of function. Therefore, this patch changes gdev->ngpio to gc->ngpio to solve the above use-after-free problem.
Fixes: aa1e2bfdc899 ("gpiolib: fix memory leak in gpiochip_setup_dev()") Signed-off-by: He Yujie coka.heyujie@huawei.com --- drivers/gpio/gpiolib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 206d73810876..07d26ca22c2c 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -796,7 +796,7 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data, err_print_message: /* failures here can mean systems won't boot... */ pr_err("%s: GPIOs %d..%d (%s) failed to register, %d\n", __func__, - base, base + gdev->ngpio - 1, + base, base + (int)gc->ngpio - 1, gc->label ? : "generic", ret); return ret; }