Re: git: 763179042246 - main - Fix NULL deref segfault in bhyve's usb_mouse.c

Reply: Warner Losh : "Re: git: 763179042246 - main - Fix NULL deref segfault in bhyve's usb_mouse.c"
In reply to: Warner Losh : "git: 763179042246 - main - Fix NULL deref segfault in bhyve's usb_mouse.c"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Chuck Tuffli <chuck_at_freebsd.org>
Date: Sun, 11 Jan 2026 23:18:11 UTC

On Fri, Jan 9, 2026 at 12:18 PM Warner Losh <imp@freebsd.org> wrote:
>
> The branch main has been updated by imp:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=7631790422464de1aec309018e2c444defe5f629
>
> commit 7631790422464de1aec309018e2c444defe5f629
> Author:     Jack Bendtsen <jackdbendtsen@gmail.com>
> AuthorDate: 2025-06-19 07:40:31 +0000
> Commit:     Warner Losh <imp@FreeBSD.org>
> CommitDate: 2026-01-09 20:17:13 +0000
>
>     Fix NULL deref segfault in bhyve's usb_mouse.c
>
>     Some of the cases inside umouse_request() (usr.sbin/bhyve/usb_mouse.c)
>     use the data component of an event, while only partially checking if
>     it's NULL. 'data' has a NULL check, but then 'data' is immediately
>     deferenced anyway after the check regardless of if it's NULL or not.

The SmartOS/Illumos folks ran into this issue a bit ago and fixed
their version of bhyve differently
(https://www.illumos.org/issues/17784). This has been on my to-do
list, but it didn't make it to the top before this (point hat:
chuck@). Any concerns or objections to my committing
https://reviews.freebsd.org/D54661 to minimize our diffs with
SmartOS/illumos?

--chuck