Date: Sun, 11 Jan 2026 15:18:11 -0800 From: Chuck Tuffli <chuck@freebsd.org> To: Warner Losh <imp@freebsd.org> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, Jack Bendtsen <jackdbendtsen@gmail.com> Subject: Re: git: 763179042246 - main - Fix NULL deref segfault in bhyve's usb_mouse.c Message-ID: <CAKAYmMJEoHjNF-EsL72ThJyDRRqyfri7j06bpuwamY9Ae9r%2BFg@mail.gmail.com> In-Reply-To: <69616257.8255.cd9e3ac@gitrepo.freebsd.org>
index | next in thread | previous in thread | raw e-mail
On Fri, Jan 9, 2026 at 12:18 PM Warner Losh <imp@freebsd.org> wrote: > > The branch main has been updated by imp: > > URL: https://cgit.FreeBSD.org/src/commit/?id=7631790422464de1aec309018e2c444defe5f629 > > commit 7631790422464de1aec309018e2c444defe5f629 > Author: Jack Bendtsen <jackdbendtsen@gmail.com> > AuthorDate: 2025-06-19 07:40:31 +0000 > Commit: Warner Losh <imp@FreeBSD.org> > CommitDate: 2026-01-09 20:17:13 +0000 > > Fix NULL deref segfault in bhyve's usb_mouse.c > > Some of the cases inside umouse_request() (usr.sbin/bhyve/usb_mouse.c) > use the data component of an event, while only partially checking if > it's NULL. 'data' has a NULL check, but then 'data' is immediately > deferenced anyway after the check regardless of if it's NULL or not. The SmartOS/Illumos folks ran into this issue a bit ago and fixed their version of bhyve differently (https://www.illumos.org/issues/17784). This has been on my to-do list, but it didn't make it to the top before this (point hat: chuck@). Any concerns or objections to my committing https://reviews.freebsd.org/D54661 to minimize our diffs with SmartOS/illumos? --chuckhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKAYmMJEoHjNF-EsL72ThJyDRRqyfri7j06bpuwamY9Ae9r%2BFg>