@@ -134,6 +134,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
connector->funcs->atomic_destroy_state(connector,
state->connector_states[i]);
+ state->connectors[i] = NULL;
state->connector_states[i] = NULL;
}
@@ -145,6 +146,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
crtc->funcs->atomic_destroy_state(crtc,
state->crtc_states[i]);
+ state->crtcs[i] = NULL;
state->crtc_states[i] = NULL;
}
@@ -156,6 +158,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
plane->funcs->atomic_destroy_state(plane,
state->plane_states[i]);
+ state->planes[i] = NULL;
state->plane_states[i] = NULL;
}
}
Users of the atomic state assume that if the pointer to a crtc, plane or connector is not NULL in the respective object vector, than the state for that object in *_states vector also won't be NULL. That assumption was broken by drm_atomic_state_clear(), which would clear the state pointer but leave the pointer to the object still set. This fixes a NULL pointer dereference in i915 caused by the use of drm_atomic_state_clear(). Cc: dri-devel@lists.freedesktop.org Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com> --- drivers/gpu/drm/drm_atomic.c | 3 +++ 1 file changed, 3 insertions(+)