Date: Sun, 11 Jan 2026 17:46:19 -0700 From: Warner Losh <imp@bsdimp.com> To: Chuck Tuffli <chuck@freebsd.org> Cc: Warner Losh <imp@freebsd.org>, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, Jack Bendtsen <jackdbendtsen@gmail.com> Subject: Re: git: 763179042246 - main - Fix NULL deref segfault in bhyve's usb_mouse.c Message-ID: <CANCZdfpSgUwyRFWeYdgJduQ0MOb9a3ZkSE8NaJy6pRMaBiz0aQ@mail.gmail.com> In-Reply-To: <CAKAYmMJEoHjNF-EsL72ThJyDRRqyfri7j06bpuwamY9Ae9r%2BFg@mail.gmail.com> References: <69616257.8255.cd9e3ac@gitrepo.freebsd.org> <CAKAYmMJEoHjNF-EsL72ThJyDRRqyfri7j06bpuwamY9Ae9r%2BFg@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sun, Jan 11, 2026 at 4:18 PM Chuck Tuffli <chuck@freebsd.org> wrote: > On Fri, Jan 9, 2026 at 12:18 PM Warner Losh <imp@freebsd.org> wrote: > > > > The branch main has been updated by imp: > > > > URL: > https://cgit.FreeBSD.org/src/commit/?id=7631790422464de1aec309018e2c444defe5f629 > > > > commit 7631790422464de1aec309018e2c444defe5f629 > > Author: Jack Bendtsen <jackdbendtsen@gmail.com> > > AuthorDate: 2025-06-19 07:40:31 +0000 > > Commit: Warner Losh <imp@FreeBSD.org> > > CommitDate: 2026-01-09 20:17:13 +0000 > > > > Fix NULL deref segfault in bhyve's usb_mouse.c > > > > Some of the cases inside umouse_request() > (usr.sbin/bhyve/usb_mouse.c) > > use the data component of an event, while only partially checking if > > it's NULL. 'data' has a NULL check, but then 'data' is immediately > > deferenced anyway after the check regardless of if it's NULL or not. > > The SmartOS/Illumos folks ran into this issue a bit ago and fixed > their version of bhyve differently > (https://www.illumos.org/issues/17784). This has been on my to-do > list, but it didn't make it to the top before this (point hat: > chuck@). Any concerns or objections to my committing > https://reviews.freebsd.org/D54661 to minimize our diffs with > SmartOS/illumos? > That's fine. Documented such on the review. Wraner [-- Attachment #2 --] <div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Sun, Jan 11, 2026 at 4:18 PM Chuck Tuffli <<a href="mailto:chuck@freebsd.org">chuck@freebsd.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fri, Jan 9, 2026 at 12:18 PM Warner Losh <<a href="mailto:imp@freebsd.org" target="_blank">imp@freebsd.org</a>> wrote:<br> ><br> > The branch main has been updated by imp:<br> ><br> > URL: <a href="https://cgit.FreeBSD.org/src/commit/?id=7631790422464de1aec309018e2c444defe5f629" rel="noreferrer" target="_blank">https://cgit.FreeBSD.org/src/commit/?id=7631790422464de1aec309018e2c444defe5f629</a><br>; ><br> > commit 7631790422464de1aec309018e2c444defe5f629<br> > Author: Jack Bendtsen <<a href="mailto:jackdbendtsen@gmail.com" target="_blank">jackdbendtsen@gmail.com</a>><br> > AuthorDate: 2025-06-19 07:40:31 +0000<br> > Commit: Warner Losh <imp@FreeBSD.org><br> > CommitDate: 2026-01-09 20:17:13 +0000<br> ><br> > Fix NULL deref segfault in bhyve's usb_mouse.c<br> ><br> > Some of the cases inside umouse_request() (usr.sbin/bhyve/usb_mouse.c)<br> > use the data component of an event, while only partially checking if<br> > it's NULL. 'data' has a NULL check, but then 'data' is immediately<br> > deferenced anyway after the check regardless of if it's NULL or not.<br> <br> The SmartOS/Illumos folks ran into this issue a bit ago and fixed<br> their version of bhyve differently<br> (<a href="https://www.illumos.org/issues/17784" rel="noreferrer" target="_blank">https://www.illumos.org/issues/17784</a>). This has been on my to-do<br> list, but it didn't make it to the top before this (point hat:<br> chuck@). Any concerns or objections to my committing<br> <a href="https://reviews.freebsd.org/D54661" rel="noreferrer" target="_blank">https://reviews.freebsd.org/D54661</a>; to minimize our diffs with<br> SmartOS/illumos?<br></blockquote><div><br></div><div>That's fine. Documented such on the review.</div><div><br></div><div>Wraner</div><div> </div></div></div>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfpSgUwyRFWeYdgJduQ0MOb9a3ZkSE8NaJy6pRMaBiz0aQ>